CWE-232 (Improper Handling of Undefined Values) — Vulnerability Class 10

10 vulnerabilities classified as CWE-232 (Improper Handling of Undefined Values). AI Chinese analysis included.

CWE-232 represents a logic flaw where software fails to properly manage undefined or unsupported values for specific parameters, fields, or arguments. This weakness typically arises when developers assume inputs will always conform to expected formats, leading to unexpected behavior when null, empty, or invalid data is encountered. Attackers exploit this by supplying malformed or missing arguments to trigger crashes, bypass security checks, or cause denial of service conditions. To mitigate this risk, developers must implement rigorous input validation and defensive programming practices. This includes explicitly checking for null or undefined states before processing data, using default values for optional parameters, and ensuring that all code paths handle edge cases gracefully. By validating input types and structures early in the execution flow, teams can prevent undefined value errors from compromising system stability or security.

MITRE CWE Description
The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.
Common Consequences (1)
Integrity: Unexpected State
Examples (1)
In this example, an address parameter is read and trimmed of whitespace.
    String address = request.getParameter("address");
    address = address.trim();
    String updateString = "UPDATE shippingInfo SET address='?' WHERE email='cwe@example.com'";
    emailAddress = con.prepareStatement(updateString);
    emailAddress.setString(1, address);
Bad · Java
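
A hardened counterpart to the snippet above, added here as an illustration and not taken from MITRE or from this page. getParameter() returns null when the parameter is absent, so the value is checked before trim() is called. A Map stands in for the servlet request, and AddressParam, readAddress and MAX_LEN are hypothetical names.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

public class AddressParam {
    // Assumed upper bound for a shipping address; not taken from the page.
    static final int MAX_LEN = 200;

    // Stand-in for HttpServletRequest.getParameter(): null when the name is absent.
    static String getParameter(Map<String, String> request, String name) {
        return request.get(name);
    }

    // Returns the trimmed address, or Optional.empty() when the value is
    // undefined (null), blank after trimming, or longer than MAX_LEN.
    static Optional<String> readAddress(Map<String, String> request) {
        String raw = getParameter(request, "address");
        if (raw == null) {            // undefined value: never reach trim()
            return Optional.empty();
        }
        String address = raw.trim();
        if (address.isEmpty() || address.length() > MAX_LEN) {
            return Optional.empty();
        }
        return Optional.of(address);
    }

    public static void main(String[] args) {
        // Constructed sample requests, keyed by a label for the output.
        Map<String, Map<String, String>> samples = new LinkedHashMap<>();
        samples.put("parameter absent", Map.of());
        samples.put("only whitespace", Map.of("address", "   "));
        samples.put("over-long", Map.of("address", "x".repeat(MAX_LEN + 1)));
        samples.put("valid", Map.of("address", "  1 Example Street  "));

        for (Map.Entry<String, Map<String, String>> e : samples.entrySet()) {
            Optional<String> address = readAddress(e.getValue());
            // A servlet would answer 400 on empty, and otherwise bind the value
            // with setString(1, ...) to an unquoted ? placeholder.
            String outcome = address.map(a -> "accept \"" + a + "\"")
                                    .orElse("reject (HTTP 400)");
            System.out.println(e.getKey() + ": " + outcome);
        }
    }
}
```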

10 CVEs are classified as CWE-232 (Improper Handling of Undefined Values). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.