CWE-231 - Improper Handling of Extra Values

Home/CWEs/CWE info/

CWE-231

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Handling of Extra Values

Description: The product does not handle or incorrectly handles when more values are provided than expected.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses

CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')High

CWE-229Improper Handling of Values

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

Hackers now use AppDomain Injection to drop CobaltStrike beacons

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

CWE top 25 most dangerous software weaknesses

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls

Common Alerts

MediumX-ChromeLogger-Data (XCOLD) Header Information Leak

InformationalRetrieved from Cache

MediumCSP: script-src unsafe-inline

HighHeartbleed OpenSSL Vulnerability (Indicative)

HighRemote Code Execution - Shell Shock

MediumInformation Disclosure - JWT in Browser localStorage

InformationalRetrieved from Cache

LowStrict-Transport-Security Disabled

MediumBypassing 403

HighAdvanced SQL Injection

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2022-48618 Apple Multiple Products Memory Corruption Vulnerability

Common CWEs

CWE-267 Privilege Defined With Unsafe Actions

CWE-1045 Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor

CWE-446 UI Discrepancy for Security Feature

CWE-363 Race Condition Enabling Link Following

CWE-1079 Parent Class without Virtual Destructor Method

CWE-33 Path Traversal: '....' (Multiple Dot)

CWE-1121 Excessive McCabe Cyclomatic Complexity

CWE-1090 Method Containing Access of a Member Element from Another Class

CWE-550 Server-generated Error Message Containing Sensitive Information

CWE-520 .NET Misconfiguration: Use of Impersonation

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-231 - Improper Handling of Extra Values

The product does not handle or incorrectly handles when more values are provided than expected.