CWE-230 (Improper Handling of Missing Values) — Vulnerability Class 9

9 vulnerabilities classified as CWE-230 (Improper Handling of Missing Values). AI Chinese analysis included.

CWE-230 represents a logic error where software fails to properly manage parameters, fields, or arguments that are explicitly specified but lack associated values, resulting in empty, blank, or null inputs. This weakness is typically exploited by attackers who manipulate request structures to send malformed data, triggering unexpected application states, crashes, or denial-of-service conditions. In some cases, missing values can bypass security checks or cause unintended data exposure if the system defaults to insecure behaviors. To mitigate this risk, developers must implement robust input validation that explicitly checks for null or empty conditions before processing. By enforcing strict type checking and establishing clear default behaviors or error handling routines for absent data, engineers can ensure the application remains stable and secure, preventing attackers from leveraging these gaps to disrupt service or compromise system integrity.

MITRE CWE Description
The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.
Common Consequences (1)
Integrity: Unexpected State
Examples (1)
This Android application has registered to handle a URL when sent an intent:
    ...
    IntentFilter filter = new IntentFilter("com.example.URLHandler.openURL");
    MyReceiver receiver = new MyReceiver();
    registerReceiver(receiver, filter);
    ...

    public class UrlHandlerReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            if ("com.example.URLHandler.openURL".equals(intent.getAction())) {
                // getStringExtra() returns null when the "URLToOpen" extra is absent,
                // so the length() call below throws a NullPointerException.
                String URL = intent.getStringExtra("URLToOpen");
                int length = URL.length();
                ...
            }
        }
    }
Bad · Java
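
The check the receiver above is missing, as an added example that is not part of the MITRE entry or this page's own code. A plain `Map` stands in for the Intent extras so it runs without the Android SDK; the class and method names (`UrlExtraCheck`, `urlToOpen`) and the http/https-only policy are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Added example: a Map stands in for the Intent extras (assumption, not Android API).
public class UrlExtraCheck {
    static final String KEY = "URLToOpen"; // extra name used in the example above

    // Returns the URL to act on, or Optional.empty() when the value is missing or unusable.
    static Optional<URI> urlToOpen(Map<String, String> extras) {
        String raw = extras.get(KEY); // null when the name is absent or carries a null value
        if (raw == null || raw.trim().isEmpty()) { // also rejects "" and whitespace-only values
            return Optional.empty(); // fail closed instead of dereferencing or defaulting
        }
        try {
            URI uri = new URI(raw.trim());
            // Assumed policy: accept only absolute http(s) URLs that name a host.
            String scheme = uri.getScheme();
            boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            return (web && uri.getHost() != null) ? Optional.of(uri) : Optional.empty();
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs covering each "missing value" shape from the CWE description.
        Map<String, Map<String, String>> cases = new LinkedHashMap<>();
        cases.put("name absent", new HashMap<>());
        Map<String, String> nullValue = new HashMap<>();
        nullValue.put(KEY, null);
        cases.put("null value", nullValue);
        cases.put("empty value", Map.of(KEY, ""));
        cases.put("blank value", Map.of(KEY, "   "));
        cases.put("valid value", Map.of(KEY, "https://example.com/page"));

        for (Map.Entry<String, Map<String, String>> c : cases.entrySet()) {
            String outcome = urlToOpen(c.getValue())
                    .map(u -> "open " + u)
                    .orElse("rejected: URLToOpen missing or invalid");
            System.out.println(c.getKey() + " -> " + outcome);
        }
    }
}
```

In the receiver itself, the same guard goes between `getStringExtra("URLToOpen")` and the first use of the returned string.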

Vulnerabilities classified as CWE-230 (Improper Handling of Missing Values) represent 9 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.