CWE-234 - Failure to Handle Missing Parameter
- Abstraction:Variant
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2024-02-29
Weakness Name
Failure to Handle Missing Parameter
Description
If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.
Common Consequences
Scope: Integrity, Confidentiality, Availability, Access Control
Impact: Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity
Notes: There is the potential for arbitrary code execution with privileges of the vulnerable program if function parameter list is exhausted.
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Notes: Potentially a program could fail if it needs more arguments then are available.
Related Weaknesses
Port of Seattle says ransomware breach impacts 90,000 people
PoisonSeed phishing campaign behind emails with wallet seed phrases
Australian pension funds hit by wave of credential stuffing attacks
Europcar GitLab breach exposes data of up to 200,000 customers
OpenAI's $20 ChatGPT Plus is now free for students until the end of May
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives