CWE-1284 — Vulnerability Class (134 CVEs)

134 vulnerabilities classified as CWE-1284. AI-generated Chinese analysis included.

CWE-1284 covers input validation failures in which a value the program treats as a quantity (a size, length, count, rate, price, or number of iterations) is accepted without checking that it has the properties the code relies on. The recurring mistakes are checking only the upper bound and forgetting the lower one (so a negative or zero quantity passes), using the parsed value before confirming that the parse actually succeeded, and feeding the "validated" quantity into arithmetic such as rows * columns * sizeof(element) that can overflow before it reaches the allocator. Depending on what the quantity controls, the result is excessive resource allocation and denial of service, negative prices or totals in business logic, out-of-bounds reads or writes when an undersized buffer is later indexed, and in the memory corruption case a foothold for further exploitation. The mitigation is to treat every quantity as hostile: parse it with a function that reports failure, reject values outside an explicit [minimum, maximum] range appropriate to the operation, check that derived values (products, sums, byte counts) cannot overflow their integer type or exceed available resources, and reject rather than silently clamp anything that does not conform.

MITRE CWE Description
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on specified quantities to allocate resources, perform calculations, control iteration, etc.

Common Consequences (1)
Scope: Other, Integrity, Availability
Technical impact: Varies by Context; DoS: Resource Consumption (CPU); Modify Memory; Read Memory
When the quantity is not properly validated, attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc.

Mitigations (1)
Phase: Implementation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
Examples (2)

This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated. The quantity is never range-checked, so a negative value produces a negative total, i.e. a credit to the attacker instead of a charge.

    ...
    public static final double price = 20.00;
    // BAD: the quantity comes straight from the user with no lower or upper bound check
    int quantity = currentUser.getAttribute("quantity");
    double total = price * quantity;
    chargeUser(total);
    ...

Bad · Java

This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares. Only the upper bound is enforced, so negative dimensions are accepted; m * n is also computed with no overflow check before it sizes the allocation. Note as well that scanf returns EOF only at end of input; a failed conversion (non-numeric text) returns 0, which the EOF comparison does not catch.

    ...
    #define MAX_DIM 100
    ...
    /* board dimensions */
    int m, n, error;
    board_square_t *board;
    printf("Please specify the board height: \n");
    error = scanf("%d", &m);
    if (EOF == error) {
        die("No integer passed: Die evil hacker!\n");
    }
    printf("Please specify the board width: \n");
    error = scanf("%d", &n);
    if (EOF == error) {
        die("No integer passed: Die evil hacker!\n");
    }
    /* BAD: no lower-bound check, so a negative m or n passes */
    if (m > MAX_DIM || n > MAX_DIM) {
        die("Value too large: Die evil hacker!\n");
    }
    /* BAD: m * n is not checked for overflow before it sizes the allocation */
    board = (board_square_t *) malloc(m * n * sizeof(board_square_t));
    ...

Bad · C
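The following is an added example, written for this page; it is not MITRE's code and not taken from any of the listed products. It hardens both demonstrative cases above (the purchase quantity and the m x n board) the way the mitigation text prescribes: parse the untrusted text with strtol rather than scanf so that failure is reported, enforce an explicit lower and upper bound, and check the derived allocation size for overflow before calling the allocator. MAX_DIM keeps the original cap of 100; MAX_QTY (1000 items per order) and the element size of 8 bytes are assumptions chosen for the demo, and the sample inputs are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DIM 100      /* same per-dimension cap as the MITRE board example */
#define MAX_QTY 1000     /* hypothetical business cap on items per order (assumption) */

/* Parse a decimal integer from untrusted text with strtol instead of scanf.
 * Rejects empty input, text with no digits, trailing garbage ("12abc"),
 * values that overflow long, and anything outside the inclusive range
 * [lo, hi]. Stores the value in *out and returns true only when every
 * check passes. */
bool parse_bounded_int(const char *s, long lo, long hi, long *out)
{
    if (s == NULL || *s == '\0')
        return false;
    errno = 0;
    char *end = NULL;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)                 /* too large or too small for long */
        return false;
    if (end == s)                        /* no digits were consumed */
        return false;
    while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r')
        end++;                           /* tolerate a trailing newline from line input */
    if (*end != '\0')                    /* any other trailing text is rejected */
        return false;
    if (v < lo || v > hi)                /* enforce BOTH the lower and the upper bound */
        return false;
    *out = v;
    return true;
}

/* Byte count for an m x n board of elem_size-byte cells, or 0 if the request
 * is rejected. Rejects dimensions below 1 or above MAX_DIM and any product
 * that would overflow size_t. With MAX_DIM == 100 the overflow guard cannot
 * fire, but it stays in so the check survives a larger or removed cap. */
size_t board_alloc_size(long m, long n, size_t elem_size)
{
    if (m < 1 || m > MAX_DIM || n < 1 || n > MAX_DIM || elem_size == 0)
        return 0;
    size_t cells = (size_t)m * (size_t)n;
    if (cells > SIZE_MAX / elem_size)    /* cells * elem_size would wrap */
        return 0;
    return cells * elem_size;
}

/* Shopping-cart case: the quantity must parse as an integer in [1, MAX_QTY].
 * Writes the total and returns true only for a valid quantity, so a negative
 * or zero quantity can never reach the charging code. */
bool checkout_total(const char *quantity_text, double unit_price, double *total)
{
    long qty;
    if (!parse_bounded_int(quantity_text, 1, MAX_QTY, &qty))
        return false;
    *total = unit_price * (double)qty;
    return true;
}

int main(void)
{
    /* Constructed sample inputs for the demo; not taken from any real request. */
    const char *samples[] = { "50", "-5", "0", "101", "12abc", "", "99999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long v;
        bool ok = parse_bounded_int(samples[i], 1, MAX_DIM, &v);
        printf("%-22s -> %s\n", samples[i], ok ? "accepted" : "rejected");
    }
    printf("board 100x100, 8-byte cells: %zu bytes\n", board_alloc_size(100, 100, 8));
    printf("board -1x100, 8-byte cells:  %zu bytes (rejected)\n", board_alloc_size(-1, 100, 8));
    double total;
    printf("quantity \"-3\": %s\n", checkout_total("-3", 20.00, &total) ? "charged" : "rejected");
    if (checkout_total("3", 20.00, &total))
        printf("quantity \"3\": charged %.2f\n", total);
    return 0;
}
```

Build with `cc -std=c11 -Wall -Wextra example.c`. The design point is that each function returns a success flag and only writes its output on success, so callers cannot accidentally use a half-validated value; the caller decides what to do on rejection (abort the request, log it), but never clamps or charges.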
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2023-20515 | AMD Client Processor security vulnerability | AMD Ryzen™ 3000 Series Desktop Processors | 5.7 | Medium | 2025-02-11
CVE-2024-20149 | MediaTek Chipsets security vulnerability | MT2735, MT2737, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8863 | 7.5 | - | 2025-01-06
CVE-2024-52901 | IBM InfoSphere Information Server denial of service | InfoSphere Information Server | 6.5 | Medium | 2024-12-12
CVE-2024-47257 | AXIS OS security vulnerability | AXIS Q6128-E PTZ Network Camera | 7.5 | High | 2024-11-26
CVE-2024-6068 | Input Validation Vulnerability exists in Arena® Input Analyzer | Arena Input Analyzer | 7.3 | High | 2024-11-14
CVE-2024-7316 | Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series | Mitsubishi Electric CNC M800V Series M800VW | 5.9 | Medium | 2024-10-17
CVE-2022-25769 | Improper regex in htaccess file | Mautic | 7.2 | High | 2024-09-18
CVE-2024-8887 | Authentication bypass vulnerability on CIRCUTOR Q-SMT | CIRCUTOR Q-SMT | 10.0 | Critical | 2024-09-18
CVE-2024-5931 | BT: Unchecked user input in bap_broadcast_assistant | Zephyr | 6.3 | Medium | 2024-09-13
CVE-2024-8558 | SourceCodester Food Ordering Management System Price place-order.php improper validation of specified quantity in input | Food Ordering Management System | 4.3 | Medium | 2024-09-07
CVE-2024-0111 | NVIDIA CUDA toolkit security vulnerability | CUDA Toolkit | 4.4 | Medium | 2024-08-31
CVE-2024-6768 | Denial of Service in CLFS.sys | Windows 10 | 6.5 | Medium | 2024-08-12
CVE-2024-3036 | Communication DoS vulnerability | 800xA Base | 5.7 | Medium | 2024-06-21
CVE-2024-5102 | Elevation of Privilege via symlinked file in Avast Antivirus | Antivirus | 7.8 | - | 2024-06-10
CVE-2024-24715 | WordPress BookIt plugin <= 2.4.0 - Price Bypass vulnerability | BookIt | 6.5 | Medium | 2024-05-17
CVE-2024-30527 | WordPress WP Express Checkout plugin <= 2.3.7 - Price Manipulation vulnerability | WP Express Checkout (Accept PayPal Payments) | 7.5 | High | 2024-05-17
CVE-2024-3317 | SailPoint Identity Security Cloud Improper Access Control | Identity Security Cloud | 6.5 | Medium | 2024-05-15
CVE-2024-3185 | Rapid7 Insight Agent Sensitive Key Exposed To Local Users | Insight Agent | 6.8 | Medium | 2024-04-23
CVE-2024-23593 | Microsoft Windows Secure Boot security vulnerability | Windows 7 and 8 PC Preloads | 6.7 | Medium | 2024-04-15
CVE-2024-24690 | Zoom Clients - Improper Input Validation | Zoom Clients | 5.4 | Medium | 2024-02-14
CVE-2023-4518 | Hitachi Energy SAM600 security vulnerability | Relion670 | 6.5 | Medium | 2023-12-01
CVE-2023-23549 | DoS via long hostnames | Checkmk | 2.7 | Low | 2023-11-15
CVE-2023-36839 | Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are received | Junos OS | 6.5 | Medium | 2023-10-12
CVE-2023-4439 | SourceCodester Card Holder Management System Minus Value unknown vulnerability | Card Holder Management System | 4.3 | Medium | 2023-08-20
CVE-2023-0195 | NVIDIA GPU Display Driver security vulnerability | vGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows) | 2.0 | Low | 2023-04-01
CVE-2023-0194 | Multiple NVIDIA products security vulnerability | vGPU software (guest driver - Windows), NVIDIA Cloud Gaming (guest driver - Windows) | 2.0 | Low | 2023-04-01
CVE-2022-4171 | demon image annotation <= 5.0 - Improper Input Restriction Validation | demon image annotation | 6.5 | Medium | 2022-12-13
CVE-2021-44693 | Siemens SIMATIC Drive Controller security vulnerability | SIMATIC Drive Controller CPU 1504D TF | 4.9 | Medium | 2022-12-13
CVE-2022-46143 | Multiple Siemens products security vulnerability | RUGGEDCOM RM1224 LTE(4G) EU | 2.7 | Low | 2022-12-13
CVE-2022-4111 | Improper Validation of Specified Quantity in Input in tooljet/tooljet | tooljet/tooljet | 6.5 | Medium | 2022-11-22

Vulnerabilities classified as CWE-1284 represent 134 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.