
CWE-130 (Improper Handling of Length Parameter Inconsistency) — Vulnerability Class 71

71 vulnerabilities classified as CWE-130 (Improper Handling of Length Parameter Inconsistency). AI Chinese analysis included.

CWE-130 represents a critical logic flaw where software fails to validate that a declared length parameter matches the actual size of the associated data buffer. This inconsistency typically arises during the parsing of formatted messages or structured inputs, allowing attackers to manipulate length fields to deceive the application. By exploiting this discrepancy, adversaries can trigger buffer overflows, memory corruption, or unexpected control flow alterations, potentially leading to remote code execution or denial of service. To mitigate this vulnerability, developers must implement rigorous input validation that strictly verifies the integrity of length fields against actual data sizes before processing. Employing safe string handling libraries, enforcing strict type checking, and utilizing bounds-checking mechanisms ensures that the application correctly interprets data structures, thereby preventing attackers from leveraging length mismatches to compromise system stability or security.

MITRE CWE Description
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.
Common Consequences (1)
Confidentiality, Integrity: Read Memory, Modify Memory, Varies by Context
Mitigations (3)
Implementation: When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.
Implementation: Do not let the user control the size of the buffer.
Implementation: Validate that the length of the user-supplied data is consistent with the buffer size.
Examples (1)
In the following C/C++ example the method processMessageFromSocket() gets a message from a socket, places it into a buffer, and parses the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing. The flaw is that msg->msgLength, which comes straight from the received data, is never compared with MESSAGE_SIZE before the copy loop, so a message that declares a length larger than the local buffer overruns message[].

```c
/* Context assumed for the example (not part of the MITRE listing):
   the message structure and the helpers the function relies on. */
#define BUFFER_SIZE 1024
#define MESSAGE_SIZE 256

typedef struct {
    int  msgLength;   /* length field taken from the received data */
    char msgBody[];   /* message body following the length field */
} ExMessage;

int getMessage(int socket, char *buffer, int bufferSize);
ExMessage *recastBuffer(char *buffer);
int processMessage(const char *message);

int processMessageFromSocket(int socket) {
    int success = 0;              /* initialised so the early return is defined */
    char buffer[BUFFER_SIZE];
    char message[MESSAGE_SIZE];

    // get message from socket and store into buffer
    // Ignoring possibility that buffer > BUFFER_SIZE
    if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {
        // place contents of the buffer into message structure
        ExMessage *msg = recastBuffer(buffer);

        // copy message body into string for processing
        // BAD: msgLength is attacker-controlled and never checked
        // against MESSAGE_SIZE, so the loop can write past message[]
        int index;
        for (index = 0; index < msg->msgLength; index++) {
            message[index] = msg->msgBody[index];
        }
        message[index] = '\0';

        // process message
        success = processMessage(message);
    }
    return success;
}
```
Bad · C
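As an added example (not from the MITRE listing or this site), the checked parser below applies the three mitigations above to a hypothetical wire format (2-byte big-endian length field followed by the body): the declared length is rejected when it exceeds the bytes actually received or the capacity of the destination, so the copy that the bad example performs unconditionally never runs on an inconsistent length. Frame names, MESSAGE_SIZE and the sample frames are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MESSAGE_SIZE 64   /* capacity of the local copy, as in the CWE example */

/* Hypothetical wire format: 2-byte big-endian length field, then the body.
 * Returns 0 and copies the NUL-terminated body into out on success; returns -1
 * when the length field disagrees with the bytes actually received or would
 * not fit the destination. Nothing is copied on failure. */
int parse_message_checked(const uint8_t *buf, size_t received,
                          char *out, size_t out_size, size_t *out_len)
{
    if (received < 2) return -1;                     /* length field truncated */
    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    if (declared > received - 2) return -1;          /* claims more than received */
    if (declared >= out_size) return -1;             /* no room for body plus NUL */
    memcpy(out, buf + 2, declared);
    out[declared] = '\0';
    *out_len = declared;
    return 0;
}

/* Constructed sample frames. */
static const uint8_t FRAME_OK[]        = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t FRAME_OVERCLAIM[] = {0xFF, 0xFF, 'a'};  /* says 65535, carries 1 */
static const uint8_t FRAME_SHORT[]     = {0x00};             /* length field cut off */

/* Parses one frame into a MESSAGE_SIZE buffer: -1 if rejected; otherwise 1 if
 * the body equals expect (or expect is NULL), else 0. */
int check_frame(const uint8_t *frame, size_t len, const char *expect)
{
    char message[MESSAGE_SIZE];
    size_t n = 0;
    if (parse_message_checked(frame, len, message, sizeof message, &n) != 0)
        return -1;
    return expect == NULL || (n == strlen(expect) && strcmp(message, expect) == 0);
}

/* Length field consistent with the wire (100 body bytes really are present)
 * but larger than MESSAGE_SIZE: the unchecked copy loop in the CWE example
 * would overrun message[]; the checked parser refuses instead. */
int check_fits_wire_but_not_destination(void)
{
    uint8_t frame[2 + 100] = {0x00, 100};
    memset(frame + 2, 'x', 100);
    return check_frame(frame, sizeof frame, NULL);
}
```

The last case is the one the bad example misses: the length field is honest about the bytes on the wire, yet still too large for the local buffer, so both comparisons are needed.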

Vulnerabilities classified as CWE-130 (Improper Handling of Length Parameter Inconsistency) represent 71 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.