Improper Handling of Values

Incomplete Base
Structure: Simple
Description

This vulnerability occurs when software fails to correctly process situations where input contains too few values, too many values, or undefined values for expected parameters, fields, or arguments.

Extended Description

This weakness typically emerges when code assumes input will always contain a specific number of values but doesn't validate this assumption. For example, a function might expect exactly three parameters from an API call but crashes or behaves unexpectedly when it receives only two, or when one of those values is explicitly 'null' or 'undefined'. Without proper checks, this can lead to crashes, incorrect calculations, security bypasses, or unintended system behavior.

To prevent this, developers should implement strict input validation that verifies both the count and the defined state of all expected values before processing. Defensive coding practices include setting default values for missing parameters, using schema validation for structured data, and employing safe access patterns (like optional chaining in JavaScript or null-conditional operators in C#) that gracefully handle missing or undefined data without throwing exceptions.
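The count and defined-state checks described above, as an added JavaScript example that is not part of the original entry. The three order fields (`sku`, `quantity`, `unitPrice`), the spending-limit check and all function names are hypothetical.

```javascript
// Added example; every name here is hypothetical.
const EXPECTED = ["sku", "quantity", "unitPrice"];

// Naive: assumes exactly three defined values were supplied.
// A missing value yields NaN and a null value coerces to 0, so the
// limit comparison below is false in both cases and the check passes.
function exceedsLimitNaive(args, limit) {
  const [, quantity, unitPrice] = args;
  return quantity * unitPrice > limit;
}

// Hardened: verify the count and the defined state before any use.
function parseOrder(args) {
  if (!Array.isArray(args)) return { ok: false, error: "not a list" };
  if (args.length < EXPECTED.length) return { ok: false, error: "too few values" };
  if (args.length > EXPECTED.length) return { ok: false, error: "too many values" };
  for (let i = 0; i < EXPECTED.length; i++) {
    // Covers explicit null, explicit undefined and sparse-array holes.
    if (args[i] === undefined || args[i] === null) {
      return { ok: false, error: `undefined value: ${EXPECTED[i]}` };
    }
  }
  const [sku, quantity, unitPrice] = args;
  const valid =
    typeof sku === "string" &&
    Number.isInteger(quantity) && quantity > 0 &&
    Number.isFinite(unitPrice) && unitPrice >= 0;
  if (!valid) return { ok: false, error: "invalid value" };
  return { ok: true, order: { sku, quantity, unitPrice } };
}

// Fails closed: malformed input is rejected, never compared.
function exceedsLimit(args, limit) {
  const result = parseOrder(args);
  if (!result.ok) throw new TypeError(result.error);
  return result.order.quantity * result.order.unitPrice > limit;
}

// Constructed sample inputs.
console.log(exceedsLimitNaive(["A-1", 1000], 50));       // too few values
console.log(exceedsLimitNaive(["A-1", 1000, null], 50)); // explicit null
console.log(parseOrder(["A-1", 1000]));
console.log(parseOrder(["A-1", 2, 9.5, "extra"]));
console.log(parseOrder(["A-1", null, 9.5]));
console.log(exceedsLimit(["A-1", 10, 9.5], 50));
```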

Common Consequences
Scope: Integrity

Impact: Unexpected State

Modes of Introduction
Implementation