Encoding Error
This vulnerability occurs when software incorrectly transforms data between different formats, leading to corrupted or misinterpreted information that can break functionality or create security gaps.
Encoding errors happen when a system fails to properly convert data from one character set or format to another, such as between UTF-8, ASCII, or URL encoding. This often surfaces when handling user input, transferring data across systems, or preparing information for display. The result is 'mojibake' (garbled text), lost data, or unexpected characters that can crash applications, corrupt data storage, or bypass validation checks. For developers, the core issue is assuming data will always be in a single, expected format. To prevent this, explicitly define and validate character encodings at every system boundary—when reading input, sending output, or storing data. Use standardized, well-tested libraries for all encoding/decoding operations instead of custom logic, and consistently apply these transformations across your entire application stack to maintain data integrity.
Impact: Unexpected State
Strategy: Input Validation
Strategy: Output Encoding
Strategy: Input Validation
- 3DEPRECATED: Technology-specific Environment Issues
- 52Path Equivalence: '/multiple/trailing/slash//'
- 53Path Equivalence: '\multiple\\internal\backslash'
- 64Windows Shortcut Following (.LNK)
- 71DEPRECATED: Apple '.DS_Store'
- 72Improper Handling of Apple HFS+ Alternate Data Stream Path
- 78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- 80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
- 120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- 267Privilege Defined With Unsafe Actions
- PLOVER