Improper Handling of Length Parameter Inconsistency
Weakness ID: 130 (Weakness Base) | Status: Incomplete
Description Summary
Extended Description
If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly malicious, ways. One possible motive is to pass arbitrarily large input to the application. Another is to modify application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.
Reference | Description |
---|---|
CVE-2009-2299 | Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data. |
CVE-2001-0825 | |
CVE-2001-1186 | |
CVE-2001-0191 | |
CVE-2003-0429 | |
CVE-2000-0655 | |
CVE-2004-0492 | |
CVE-2004-0201 | |
CVE-2003-0825 | can overlap zero-length issues |
CVE-2004-0095 | |
CVE-2004-0826 | |
CVE-2004-0808 | |
CVE-2002-1357 | |
CVE-2004-0774 | |
CVE-2004-0989 | |
CVE-2004-0568 | |
CVE-2003-0327 | |
CVE-2003-0345 | |
CVE-2004-0430 | |
CVE-2005-0064 | |
CVE-2004-0413 | leads to memory consumption, integer overflow, and heap overflow |
CVE-2004-0940 | is effectively an accidental double increment of a counter that prevents a length check conditional from exiting a loop. |
CVE-2002-1235 | length field of a request not verified |
CVE-2005-3184 | buffer overflow by modifying a length value |
SECUNIA:18747 | length field inconsistency crashes cell phone |
Do not let the user control the size of the buffer.
Validate that the length of the user-supplied data is consistent with the buffer size.
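The two mitigations above, as an added example that is not part of the CWE entry: a parser that checks the sender's declared length against both a fixed destination size and the byte count actually received before it copies anything. The wire format (2-byte big-endian length followed by the payload, one message per buffer), `MAX_PAYLOAD`, and all function and sample names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 64  /* destination size is fixed by the program, never by the sender */

enum parse_status { PARSE_OK, ERR_TRUNCATED, ERR_TOO_LARGE, ERR_LEN_MISMATCH };

/* Assumed wire format for this example: 2-byte big-endian length, then payload.
 * msg_len is the byte count actually received from the transport. */
enum parse_status parse_record(const uint8_t *msg, size_t msg_len,
                               uint8_t out[MAX_PAYLOAD], size_t *out_len)
{
    if (msg == NULL || out == NULL || out_len == NULL || msg_len < 2)
        return ERR_TRUNCATED;               /* header itself is incomplete */

    size_t declared = ((size_t)msg[0] << 8) | msg[1];
    size_t actual   = msg_len - 2;

    if (declared > MAX_PAYLOAD)             /* reject before any copy or allocation */
        return ERR_TOO_LARGE;
    if (declared != actual)                 /* over- or under-claimed length */
        return ERR_LEN_MISMATCH;
    memcpy(out, msg + 2, declared);         /* declared == actual <= MAX_PAYLOAD */
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample messages, not taken from any real capture. */
static const uint8_t SAMPLE_OK[]    = { 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t SAMPLE_OVER[]  = { 0x00, 0x10, 'a', 'b', 'c' }; /* claims 16, carries 3 */
static const uint8_t SAMPLE_UNDER[] = { 0x00, 0x01, 'a', 'b', 'c' }; /* claims 1, carries 3 */
static const uint8_t SAMPLE_HUGE[]  = { 0xFF, 0xFF };                /* claims 65535, carries 0 */

enum parse_status status_of(const uint8_t *msg, size_t msg_len)
{
    uint8_t out[MAX_PAYLOAD];
    size_t n = 0;
    return parse_record(msg, msg_len, out, &n);
}

int main(void)
{
    printf("ok=%d over=%d under=%d huge=%d\n",
           status_of(SAMPLE_OK, sizeof SAMPLE_OK), status_of(SAMPLE_OVER, sizeof SAMPLE_OVER),
           status_of(SAMPLE_UNDER, sizeof SAMPLE_UNDER), status_of(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    return 0;
}
```

`SAMPLE_HUGE` has the same shape as the CVE-2009-2299 entry in the table above (a large declared length with no data behind it); the size check runs before any buffer is sized or filled from the declared value.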
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Class | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Development Concepts (primary) 699 |
ChildOf | Weakness Base | 240 | Improper Handling of Inconsistent Structural Elements | Research Concepts (primary) 1000 |
CanPrecede | Weakness Base | 805 | Buffer Access with Incorrect Length Value | Research Concepts 1000 |
CAPEC-ID | Attack Pattern Name | (CAPEC Version: 1.4) |
---|---|---|
47 | Buffer Overflow via Parameter Expansion |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Potential Mitigations, Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Applicable Platforms, Description, Name, Relationships, Observed Example, Relationship Notes, Taxonomy Mappings, Weakness Ordinalities | ||||
2009-03-10 | CWE Content Team | MITRE | Internal | |
updated Description, Name | ||||
2009-12-28 | CWE Content Team | MITRE | Internal | |
updated Observed Examples | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-09-09 | Length Parameter Inconsistency | |||
2009-03-10 | Failure to Handle Length Parameter Inconsistency | |||