
CWE-1287 — Vulnerability Class 107

107 vulnerabilities classified as CWE-1287. AI Chinese analysis included.

CWE-1287 represents a critical input validation weakness where software fails to verify that received data matches its expected type, such as accepting a string where an integer is required. Attackers typically exploit this by injecting malformed or mismatched data types to trigger unexpected runtime errors, cause logic failures, or bypass security controls. This mismatch can expose latent vulnerabilities, allowing attackers to execute unauthorized actions or crash the application. To prevent this, developers must implement rigorous type checking mechanisms early in the input processing pipeline. Utilizing strict typing in programming languages, validating data schemas, and employing robust parsing libraries ensures that inputs conform to anticipated formats. Additionally, implementing comprehensive error handling prevents attackers from leveraging type confusion to bypass authentication or execute malicious code, thereby maintaining application integrity and security.

MITRE CWE Description
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. When input does not comply with the expected type, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities that would not be possible if the input conformed with the expected type. This weakness can appear in type-unsafe programming languages, or in programming languages that support casting or conversion of an input to another type.

Common Consequences (1)
Other: Varies by Context

Mitigations (1)
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
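As an added illustration of the "accept known good" type validation described above (example code written for this page, not from MITRE or any product listed here; the request schema and field names are assumed):

```python
import json
from typing import Any

# Constructed example schema: field name -> expected Python type.
# Assumed request shape for illustration only.
EXPECTED_TYPES: dict[str, type] = {
    "user_id": int,
    "quantity": int,
    "note": str,
    "tags": list,
}

class TypeValidationError(ValueError):
    pass

def _is_exact_type(value: Any, expected: type) -> bool:
    # isinstance() alone is too lenient for CWE-1287 checks: bool is a
    # subclass of int in Python, so isinstance(True, int) is True.
    # Comparing the concrete type closes that gap.
    return type(value) is expected

def validate_payload(raw: str) -> dict[str, Any]:
    """Parse JSON and enforce that every field has exactly the declared type.

    Unknown fields are rejected (accept known good), missing fields are
    rejected, and no coercion is attempted: "5" is not accepted for int.
    """
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise TypeValidationError(f"not valid JSON: {exc.msg}") from None
    if type(data) is not dict:
        raise TypeValidationError("top-level value must be an object")
    unknown = set(data) - set(EXPECTED_TYPES)
    if unknown:
        raise TypeValidationError(f"unexpected fields: {sorted(unknown)}")
    for field, expected in EXPECTED_TYPES.items():
        if field not in data:
            raise TypeValidationError(f"missing field: {field}")
        if not _is_exact_type(data[field], expected):
            raise TypeValidationError(
                f"{field}: expected {expected.__name__}, "
                f"got {type(data[field]).__name__}")
    return data

def is_valid(raw: str) -> bool:
    """Convenience wrapper returning True/False instead of raising."""
    try:
        validate_payload(raw)
    except TypeValidationError:
        return False
    return True
```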
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2023-47727 | IBM QRadar Suite Software file manipulation | Cloud Pak for Security | 4.3 | Medium | 2024-05-02
CVE-2024-30395 | Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash | Junos OS | 7.5 | High | 2024-04-12
CVE-2023-3904 | Improper Validation of Specified Type of Input in GitLab | GitLab | 4.3 | Medium | 2023-12-15
CVE-2023-3917 | Improper Validation of Specified Type of Input in GitLab | GitLab | 4.3 | Medium | 2023-09-29
CVE-2023-3906 | Improper Validation of Specified Type of Input in GitLab | GitLab | 3.5 | Low | 2023-09-29
CVE-2023-4522 | Improper Validation of Specified Type of Input in GitLab | GitLab | 4.3 | Medium | 2023-08-30
CVE-2023-3900 | Improper Validation of Specified Type of Input in GitLab | GitLab | 4.3 | Medium | 2023-08-02
CVE-2023-28799 | Zscaler Client Connector input validation error vulnerability | Client Connector | 8.2 | High | 2023-06-22
CVE-2023-2431 | Bypass of seccomp profile enforcement | Kubernetes | 3.4 | Low | 2023-06-16
CVE-2023-2673 | PHOENIX CONTACT: FL/TC MGUARD prone to Improper Input Validation | FL MGUARD 2102 | 5.3 | Medium | 2023-06-13
CVE-2021-44694 | Siemens SIMATIC Drive Controller input validation error vulnerability | SIMATIC Drive Controller CPU 1504D TF | 5.5 | Medium | 2022-12-13
CVE-2022-43723 | Siemens SICAM PAS/PQS input validation error vulnerability | SICAM PAS/PQS | 7.5 | - | 2022-12-13
CVE-2022-22228 | Junos OS: IPv6 OAM SRv6 network-enabled devices are vulnerable to Denial of Service (DoS) due to RPD memory leak upon receipt of a specific IPv6 packet | Junos OS | 7.5 | High | 2022-10-18
CVE-2022-20783 | Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability | Cisco RoomOS Software | 7.5 | High | 2022-04-21
CVE-2022-22168 | Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot | Junos OS | 6.5 | Medium | 2022-01-19
CVE-2021-32024 | BlackBerry QNX SDP security vulnerability | QNX Software Development Platform (SDP) | 8.1 | High | 2021-12-13
CVE-2021-20329 | Specific cstrings input may not be properly validated in the Go Driver | MongoDB Go Driver | 6.8 | Medium | 2021-06-10

Vulnerabilities classified as CWE-1287 represent 107 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.