
CWE-240 (Improper Handling of Inconsistent Structural Elements) — Vulnerability Class 2

2 vulnerabilities classified as CWE-240 (Improper Handling of Inconsistent Structural Elements). AI-generated analysis (originally in Chinese) included.

CWE-240 represents a structural inconsistency weakness where software fails to maintain alignment between related components, such as mismatched headers and payloads or divergent data structures. Attackers typically exploit this by crafting inputs that deliberately violate expected structural relationships, triggering buffer overflows, logic errors, or unexpected execution paths when the system processes the malformed data. This inconsistency often arises from insufficient validation of input integrity or rigid assumptions about data formats. Developers can prevent these vulnerabilities by implementing robust input validation that verifies structural coherence before processing, using standardized serialization formats with built-in integrity checks, and enforcing strict type checking. Additionally, adopting defensive programming practices that explicitly handle edge cases and unexpected data states ensures the application remains resilient against malformed inputs that attempt to exploit these structural discrepancies.

MITRE CWE Description
The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.
Common Consequences (1)
Scope: Integrity, Other
Impact: Varies by Context, Unexpected State
Examples (1)
In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.
    int processMessageFromSocket(int socket) {
        int success = 0;
        char buffer[BUFFER_SIZE];
        char message[MESSAGE_SIZE];

        // get message from socket and store into buffer
        // Ignoring possibility that buffer > BUFFER_SIZE
        if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {
            // place contents of the buffer into message structure
            ExMessage *msg = recastBuffer(buffer);

            // copy message body into string for processing
            // msg->msgLength is trusted as-is: it is never compared with
            // MESSAGE_SIZE or with the number of bytes actually received,
            // so a header that disagrees with the payload drives the loop
            int index;
            for (index = 0; index < msg->msgLength; index++) {
                message[index] = msg->msgBody[index];
            }
            message[index] = '\0';

            // process message
            success = processMessage(message);
        }
        return success;
    }

Bad · C
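The example above trusts the length field in the header without checking it against either the destination buffer or the bytes actually received. The following C code is an added illustration, not MITRE's or this site's code, of the same parsing step with both consistency checks in place. It assumes a constructed wire format (a 4-byte host-order length header followed by the body); the names processMessageSafe, buildMessage and demo, the status codes, and the sample messages are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BUFFER_SIZE  64
#define MESSAGE_SIZE 32

/* Assumed wire layout for this example: a 4-byte host-order length header
 * followed by msgLength body bytes. The hardened parser never casts the raw
 * buffer to this type; it reads the header with memcpy and validates it. */
typedef struct {
    uint32_t msgLength;
    char     msgBody[];
} ExMessage;

enum { MSG_OK = 0, MSG_TRUNCATED = -1, MSG_TOO_LONG = -2, MSG_SHORT_HEADER = -3 };

/* Copy the message body out of 'received' bytes of 'buffer' into 'out'
 * (capacity outSize). Returns MSG_OK on success; on any structural
 * inconsistency the message is rejected and 'out' is left empty. */
int processMessageSafe(const unsigned char *buffer, size_t received,
                       char *out, size_t outSize)
{
    out[0] = '\0';
    if (received < sizeof(uint32_t)) return MSG_SHORT_HEADER;

    uint32_t declared;
    memcpy(&declared, buffer, sizeof declared);   /* no unaligned access */

    /* Check 1: the body the header promises must actually have arrived. */
    if (declared > received - sizeof(uint32_t)) return MSG_TRUNCATED;
    /* Check 2: the body plus its terminator must fit the destination. */
    if (declared >= outSize) return MSG_TOO_LONG;

    memcpy(out, buffer + sizeof(uint32_t), declared);
    out[declared] = '\0';
    return MSG_OK;
}

/* Build a constructed test message: 'declared' goes into the header and
 * 'bodyLen' body bytes follow. The two may deliberately disagree to make an
 * inconsistent message. Returns total bytes written, 0 if it does not fit. */
size_t buildMessage(unsigned char *buffer, size_t bufSize, uint32_t declared,
                    const char *body, size_t bodyLen)
{
    if (bufSize < sizeof(uint32_t) + bodyLen) return 0;
    memcpy(buffer, &declared, sizeof declared);
    memcpy(buffer + sizeof(uint32_t), body, bodyLen);
    return sizeof(uint32_t) + bodyLen;
}

/* Exercise three constructed cases; returns how many were handled as expected. */
int demo(void)
{
    unsigned char buf[BUFFER_SIZE];
    char msg[MESSAGE_SIZE];
    int ok = 0;
    size_t n;

    /* Consistent: header says 5, five bytes follow. */
    n = buildMessage(buf, sizeof buf, 5, "hello", 5);
    ok += processMessageSafe(buf, n, msg, sizeof msg) == MSG_OK && strcmp(msg, "hello") == 0;

    /* Header over-claims: says 40 but only 5 bytes follow (would read past the data). */
    n = buildMessage(buf, sizeof buf, 40, "hello", 5);
    ok += processMessageSafe(buf, n, msg, sizeof msg) == MSG_TRUNCATED;

    /* Header and payload agree, but 40 bytes exceed MESSAGE_SIZE (would overflow 'message'). */
    n = buildMessage(buf, sizeof buf, 40, "0123456789012345678901234567890123456789", 40);
    ok += processMessageSafe(buf, n, msg, sizeof msg) == MSG_TOO_LONG;

    return ok;
}

int main(void)
{
    printf("%d of 3 cases handled as expected\n", demo());
    return 0;
}
```

The two checks correspond to the two relationships the bad example assumes without verifying: that the declared length is covered by the bytes received, and that it fits the fixed-size destination with room for the terminator. Rejecting the message on either mismatch, rather than clamping it, keeps a malformed header from silently producing a truncated but "successfully" processed message.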
CVE ID         | Title                                                                                      | CVSS     | Severity    | Published
CVE-2025-4321  | DoS in RS9116W-WiSeConnect L2CAP protocol due to reception of malformed packets — RS9116W  | 6.5 (AI) | Medium (AI) | 2025-11-17
CVE-2021-31890 | Siemens Nucleus ReadyStart security vulnerability — Capital Embedded AR Classic 431-422    | 7.5      | High        | 2021-11-09

Vulnerabilities classified as CWE-240 (Improper Handling of Inconsistent Structural Elements) represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.