CWE-130

Overview

CWE ID
130

CWE Name
Improper Handling of Length Parameter Inconsistency

CWE Abstraction
Base

CWE structure
Simple

CWE Status
Incomplete

Description

The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

Extended Description

If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One

Related CWEs

CWE ID	View ID	Nature	Ordinal
240	1000	ChildOf	Primary
119	1305	ChildOf	Primary
119	1340	ChildOf	Primary
805	1000	CanPrecede

Related CVEs

CVE
CVE-2021-38445
CVE-2020-16224
CVE-2022-2714
CVE-2021-35516
CVE-2021-35517
CVE-2021-36090
CVE-2021-36373
CVE-2021-36374
CVE-2023-28964
CVE-2022-36788
CVE-2021-3454
CVE-2023-40167
CVE-2023-5393
CVE-2023-33192
CVE-2023-52547
CVE-2023-50248
CVE-2024-37305
CVE-2024-29064
CVE-2024-24976
CVE-2024-20685
CVE-2023-52547
CVE-2023-50248
CVE-2024-37305
CVE-2024-29064
CVE-2024-24976
CVE-2024-20685
CVE-2024-37989
CVE-2024-37988
CVE-2024-38010
CVE-2024-38011
CVE-2024-20416
CVE-2024-47293
CVE-2024-47293
CVE-2024-47293
CVE-2024-47293
CVE-2024-47293