Description
The product receives input that is expected to specify a quantity (such as a size or length), but it does not validate, or incorrectly validates, that the quantity has the required properties (for example, that a length field does not exceed the data actually present, or that a size is non-zero where the code cannot make progress on zero).
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Other: Varies by Context
Because quantities so often drive resource allocation or the processing of financial data, they appear in many places in the code, and the impact of an unvalidated quantity depends on what the surrounding code does with it (memory over-reads, excessive allocation, non-terminating loops, or incorrect financial results).
Potential Mitigations
Phase: Implementation
Effectiveness: High
Description:
CVE References
- CVE-2008-1440: lack of validation of length field leads to infinite loop
- CVE-2008-2374: lack of validation of string length fields allows memory consumption or buffer over-read
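The two failure modes named in the CVE notes above (a length field that runs past the end of the message, and one that never lets the parsing loop advance) both come from the weakness in the Description. The following is an added example, not code from this page or from either referenced product: it parses a hypothetical record format constructed for the example (one type byte, one length byte that counts the whole record including its header, then the value), first with a parser that trusts the length field and then with one that validates it before use. The format, the sample messages and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record format, constructed for this example: a message is a
 * sequence of records <type:1><length:1><value...>, where `length` counts the
 * whole record including its two header bytes (the convention TCP options use),
 * so a well-formed record has length >= 2. */
#define HDR_LEN 2
#define MAX_RECORDS 16

struct record {
    uint8_t type;
    uint8_t len;          /* total record length, header included */
    const uint8_t *value; /* points into the input buffer */
};

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED,  /* a length field claims bytes the message does not have */
    PARSE_BAD_LENGTH, /* length < HDR_LEN: the loop could never advance */
    PARSE_TOO_MANY    /* more records than the caller's array holds */
};

/* VULNERABLE: the length field is trusted.  A length larger than the bytes
 * remaining yields a record whose value/len reach past the message (an over-read
 * for whoever consumes it); a length of 0 leaves `pos` unchanged, so the loop
 * spins in place and only the max_out cap ends it here (real parsers often have
 * no such cap).  *bytes_claimed sums the length fields so the caller can see
 * them exceed `len`. */
size_t parse_records_unsafe(const uint8_t *msg, size_t len, struct record *out,
                            size_t max_out, size_t *bytes_claimed)
{
    size_t pos = 0, n = 0;
    *bytes_claimed = 0;
    while (pos < len && n < max_out) {
        uint8_t reclen = msg[pos + 1]; /* may itself read one byte past len */
        out[n].type = msg[pos];
        out[n].len = reclen;
        out[n].value = msg + pos + HDR_LEN;
        n++;
        *bytes_claimed += reclen;
        pos += reclen;                 /* reclen == 0: no progress at all */
    }
    return n;
}

/* HARDENED: each length field is checked against what the message still holds
 * before use, and a field that could not advance the loop is rejected. */
enum parse_status parse_records_safe(const uint8_t *msg, size_t len,
                                     struct record *out, size_t max_out,
                                     size_t *count)
{
    size_t pos = 0, n = 0;
    *count = 0;
    while (pos < len) {
        if (len - pos < HDR_LEN) return PARSE_TRUNCATED; /* no complete header left */
        uint8_t reclen = msg[pos + 1];
        if (reclen < HDR_LEN) return PARSE_BAD_LENGTH;   /* would not advance */
        if (reclen > len - pos) return PARSE_TRUNCATED;  /* runs past the message */
        if (n >= max_out) return PARSE_TOO_MANY;
        out[n].type = msg[pos];
        out[n].len = reclen;
        out[n].value = msg + pos + HDR_LEN;
        n++;
        pos += reclen; /* reclen >= HDR_LEN, so pos strictly increases */
    }
    *count = n;
    return PARSE_OK;
}

/* Constructed sample inputs.  BACKING holds a 2-byte message claiming a 64-byte
 * record, then zero padding standing in for whatever follows it in memory. */
static const uint8_t GOOD_MSG[] = {0x01, 0x04, 0xDE, 0xAD, 0x02, 0x03, 0x42};
static const uint8_t ZERO_LEN_MSG[] = {0x01, 0x00};
static const uint8_t BACKING[64] = {0x01, 0x40};
#define OVERSIZED_LEN 2 /* the real size of the message inside BACKING */

/* Safe parse reduced to one value: record count, or -status on rejection. */
int safe_records(const uint8_t *msg, size_t len)
{
    struct record recs[MAX_RECORDS]; size_t count;
    enum parse_status st = parse_records_safe(msg, len, recs, MAX_RECORDS, &count);
    return st == PARSE_OK ? (int)count : -(int)st;
}

/* Unsafe parse reduced to one value: total bytes the length fields claimed. */
size_t unsafe_bytes_claimed(const uint8_t *msg, size_t len)
{
    struct record recs[MAX_RECORDS]; size_t claimed;
    parse_records_unsafe(msg, len, recs, MAX_RECORDS, &claimed);
    return claimed;
}

int main(void)
{
    printf("good message: safe parser accepts %d records\n", safe_records(GOOD_MSG, sizeof GOOD_MSG));
    printf("oversized length: unsafe parser claims %zu bytes of %d, safe parser returns %d\n",
           unsafe_bytes_claimed(BACKING, OVERSIZED_LEN), OVERSIZED_LEN, safe_records(BACKING, OVERSIZED_LEN));
    printf("zero length: safe parser returns %d\n", safe_records(ZERO_LEN_MSG, sizeof ZERO_LEN_MSG));
    return 0;
}
```

The hardened parser makes the two required properties explicit: the quantity must fit within the bytes that remain (`reclen <= len - pos`, computed without underflow because `pos < len` is already known) and it must be large enough to move the cursor forward (`reclen >= HDR_LEN`). Checking only one of these leaves the other CVE-style failure open.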