1. Home
  2. Weaknesses
  3. CWE-130

CWE-130: Improper Handling of Length Parameter Inconsistency

ID CWE-130
Abstraction Base
Structure Simple
Status Incomplete
Number of CVEs 49
Detail CAPEC Dashboard Vulnerabilities Web & Social
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.

Modes of Introduction

Phase Note
Implementation

Applicable Platforms

Type Class Name Prevalence
Language C
Language C++
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-240 Improper Handling of Inconsistent Structural Elements Base Simple Draft
CWE-1305 CISQ Quality Measures (2020) Incomplete CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Class Simple Stable
CWE-1340 CISQ Data Protection Measures Incomplete CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Class Simple Stable
CWE-1000 Research Concepts Draft CWE-805 Buffer Access with Incorrect Length Value Base Simple Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-47 Buffer Overflow via Parameter Expansion CWE-130

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date