Improper Validation of Consistency within Input Archives

Read Time:31 Second

Description

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-20

Consequences

Other: Varies by Context

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description:

CVE References

CVE-2018-16733
- product does not validate that the start block appears before the end block

CVE-2006-3790
- size field that is inconsistent with packet size leads to buffer over-read

CVE-2008-4114
- system crash with offset value that is inconsistent with packet size

Cyber Security News

Tag Archives: Improper Validation of Consistency within Input

CWE-1288 – Improper Validation of Consistency within Input

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

News, Advisories and much more