CWE-130 (Improper Handling of Length Parameter Inconsistency) — Vulnerability Class 71

71 vulnerabilities classified as CWE-130 (Improper Handling of Length Parameter Inconsistency). AI Chinese analysis included.

CWE-130 represents a critical logic flaw where software fails to validate that a declared length parameter matches the actual size of the associated data buffer. This inconsistency typically arises during the parsing of formatted messages or structured inputs, allowing attackers to manipulate length fields to deceive the application. By exploiting this discrepancy, adversaries can trigger buffer overflows, memory corruption, or unexpected control flow alterations, potentially leading to remote code execution or denial of service. To mitigate this vulnerability, developers must implement rigorous input validation that strictly verifies the integrity of length fields against actual data sizes before processing. Employing safe string handling libraries, enforcing strict type checking, and utilizing bounds-checking mechanisms ensures that the application correctly interprets data structures, thereby preventing attackers from leveraging length mismatches to compromise system stability or security.

MITRE CWE Description
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.
Common Consequences (1)
Confidentiality, Integrity: Read Memory, Modify Memory, Varies by Context
Mitigations (3)
Implementation: When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.
Implementation: Do not let the user control the size of the buffer.
Implementation: Validate that the length of the user-supplied data is consistent with the buffer size.
Examples (1)
In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.
    int processMessageFromSocket(int socket) {
        int success;
        char buffer[BUFFER_SIZE];
        char message[MESSAGE_SIZE];

        // get message from socket and store into buffer
        // Ignoring possibility that buffer > BUFFER_SIZE
        if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {
            // place contents of the buffer into message structure
            ExMessage *msg = recastBuffer(buffer);

            // copy message body into string for processing
            // (msgLength comes from the message and is never checked against MESSAGE_SIZE)
            int index;
            for (index = 0; index < msg->msgLength; index++) {
                message[index] = msg->msgBody[index];
            }
            message[index] = '\0';

            // process message
            success = processMessage(message);
        }
        return success;
    }
Bad · C
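A hardened counterpart to the example above, added here and not part of the MITRE text or any project's code: the declared length is checked against both the bytes actually received and the destination capacity before anything is copied. The wire layout (2-byte big-endian length followed by the body), `parse_message` and the status names are assumptions, since the page does not define `ExMessage`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MESSAGE_SIZE 32  /* assumed destination capacity, like the page's message[] */
#define HEADER_SIZE  2   /* assumed wire format: 2-byte big-endian length, then body */

enum msg_status { MSG_OK, MSG_SHORT_HEADER, MSG_TRUNCATED, MSG_TRAILING, MSG_TOO_LONG };

/* Copy the body into out only if the declared length agrees with the number
 * of bytes actually received AND fits the destination with its terminator. */
enum msg_status parse_message(const unsigned char *buf, size_t received,
                              char *out, size_t out_cap)
{
    if (received < HEADER_SIZE)
        return MSG_SHORT_HEADER;              /* cannot even read the length field */

    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    size_t actual = received - HEADER_SIZE;   /* bytes really present after header */

    if (declared > actual)
        return MSG_TRUNCATED;                 /* length field claims more than arrived */
    if (declared < actual)
        return MSG_TRAILING;                  /* unaccounted bytes: reject, do not guess */
    if (out_cap == 0 || declared > out_cap - 1)
        return MSG_TOO_LONG;                  /* would overflow out[] plus '\0' */

    memcpy(out, buf + HEADER_SIZE, declared);
    out[declared] = '\0';
    return MSG_OK;
}

int main(void)
{
    /* Constructed sample frames, not captured traffic. */
    const unsigned char good[]  = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    const unsigned char lying[] = { 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o' };
    char message[MESSAGE_SIZE];

    printf("good:  %d\n", parse_message(good, sizeof good, message, sizeof message));
    printf("lying: %d\n", parse_message(lying, sizeof lying, message, sizeof message));
    return 0;
}
```

Rejecting trailing bytes assumes one message per buffer; a stream protocol that packs several messages back to back would instead consume `declared` bytes and continue parsing at the next header.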
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 | 8.0 | High | 2024-07-09 |
| CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 | 8.0 | High | 2024-07-09 |
| CVE-2023-52547 | Huawei PC Manager Security Vulnerability — CurieM-WFG9B | 7.8 | High | 2024-05-28 |
| CVE-2023-5393 | Honeywell Experion PKS Security Vulnerability — Experion Server | 7.4 | High | 2024-04-11 |
| CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability — Azure Private 5G Core | 5.9 | Medium | 2024-04-09 |
| CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability — Windows 10 Version 1809 | 6.2 | Medium | 2024-04-09 |
| CVE-2024-24976 | Open Automation Software OAS Platform Security Vulnerability — OAS Platform | 4.9 | Medium | 2024-04-03 |
| CVE-2023-50248 | CKAN out of memory error when submitting the dataset form with a specially-crafted field — ckan | 4.5 | Medium | 2023-12-13 |
| CVE-2023-40167 | Jetty accepts "+" prefixed value in Content-Length — jetty.project | 5.3 | Medium | 2023-09-15 |
| CVE-2023-33192 | Improper handling of NTS cookie length that could crash the ntpd-rs server — ntpd-rs | 7.5 | High | 2023-05-27 |
| CVE-2022-36788 | Slic3r Buffer Error Vulnerability — libslic3r | 8.1 | High | 2023-04-20 |
| CVE-2023-28964 | Junos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash — Junos OS | 7.5 | High | 2023-04-17 |
| CVE-2022-20690 | Cisco ATA 190 Input Validation Error Vulnerability — Cisco Analog Telephone Adaptor (ATA) Software | 5.3 | Medium | 2022-12-07 |
| CVE-2022-20689 | Cisco ATA 190 Input Validation Error Vulnerability — Cisco Analog Telephone Adaptor (ATA) Software | 5.3 | Medium | 2022-12-07 |
| CVE-2022-20686 | Cisco ATA 190 Code Injection Vulnerability — Cisco Analog Telephone Adaptor (ATA) Software | 5.3 | Medium | 2022-12-07 |
| CVE-2022-20870 | Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability — Cisco IOS XE Software | 8.6 | High | 2022-10-10 |
| CVE-2021-27862 | L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation — 802.2 | 4.7 | - | 2022-09-27 |
| CVE-2021-27861 | L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths — 802.2 | 4.7 | - | 2022-09-27 |
| CVE-2022-3290 | Improper Handling of Length Parameter Inconsistency in ikus060/rdiffweb — ikus060/rdiffweb | 7.5 | - | 2022-09-26 |
| CVE-2022-3272 | Improper Handling of Length Parameter Inconsistency in ikus060/rdiffweb — ikus060/rdiffweb | 7.5 | - | 2022-09-26 |
| CVE-2022-2714 | Improper Handling of Length Parameter Inconsistency in francoisjacquet/rosariosis — francoisjacquet/rosariosis | 9.1 | - | 2022-09-06 |
| CVE-2021-38445 | OCI OpenDDS Secure Improper Handling of Length Parameter Inconsistency — OpenDDS | 7.0 | High | 2022-05-05 |
| CVE-2022-1543 | Improper handling of Length parameter in erudika/scoold — erudika/scoold | 8.8 | - | 2022-04-29 |
| CVE-2022-0677 | Improper Handling of Length Parameter Inconsistency vulnerability in Bitdefender Update Server (VA-10144) — Update Server | 7.5 | High | 2022-04-07 |
| CVE-2022-0618 | swift-nio-http2 Security Vulnerability — SwiftNIO HTTP2 | 7.5 | - | 2022-03-09 |
| CVE-2022-24666 | swift-nio-http2 Security Vulnerability — SwiftNIO HTTP2 | 7.5 | - | 2022-02-09 |
| CVE-2021-20610 | Multiple Mitsubishi Electric Products Security Vulnerability — MELSEC iQ-R Series R00CPU | 7.5 | High | 2021-12-01 |
| CVE-2021-26329 | AMD Multiple Products Input Validation Error Vulnerability — 1st Gen AMD EPYC™ | 5.5 | - | 2021-11-16 |
| CVE-2021-3454 | Truncated L2CAP K-frame causes assertion failure — zephyr | 4.3 | Medium | 2021-10-19 |
| CVE-2021-36374 | Apache Ant ZIP, and ZIP based, archive denial of service vulnerability — Apache Ant | 5.5 | - | 2021-07-14 |

Vulnerabilities classified as CWE-130 (Improper Handling of Length Parameter Inconsistency) represent 71 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.