Improper Handling of Extra Values

Draft Variant
Structure: Simple
Description

This vulnerability occurs when software receives more input values than it was designed to handle, and fails to properly manage or reject the excess data.

Extended Description

Imagine a function expecting three parameters, but an attacker sends five. If the software doesn't validate its input properly, those two extra values can slip through. They might overflow into adjacent memory, corrupt other variables, or trigger unexpected logic paths, creating a direct opening for exploitation. Developers can prevent this by implementing strict input validation that explicitly checks the number of received arguments or data fields before processing. Safe APIs and modern frameworks that manage parameter lists automatically, together with comprehensive testing that includes fuzzing with variable-length inputs, are key strategies to close this gap.
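The count check described above, as an added example (not part of the original entry). It assumes a hypothetical three-field, comma-separated record; the names parse_record, struct record and the field limits are illustrative.

```c
#include <stdio.h>
#include <string.h>

#define EXPECTED_FIELDS 3   /* assumed record layout: name,role,id */
#define MAX_FIELD_LEN   32  /* assumed per-field limit, including NUL */

enum parse_status { PARSE_OK, PARSE_TOO_FEW, PARSE_TOO_MANY, PARSE_FIELD_TOO_LONG };

struct record { char fields[EXPECTED_FIELDS][MAX_FIELD_LEN]; };

/* Parse exactly EXPECTED_FIELDS values. The count is checked BEFORE each
 * store, so a fourth value is rejected instead of being written past the
 * array. *out is only updated when the whole record is valid. */
enum parse_status parse_record(const char *line, struct record *out)
{
    struct record tmp;
    size_t count = 0;
    const char *start = line;

    memset(&tmp, 0, sizeof tmp);
    for (;;) {
        const char *end = strchr(start, ',');
        size_t len = end ? (size_t)(end - start) : strlen(start);

        if (count == EXPECTED_FIELDS)   /* extra value: reject, do not store */
            return PARSE_TOO_MANY;
        if (len >= MAX_FIELD_LEN)       /* value would not fit with its NUL */
            return PARSE_FIELD_TOO_LONG;
        memcpy(tmp.fields[count], start, len);
        tmp.fields[count][len] = '\0';
        count++;
        if (!end)
            break;
        start = end + 1;
    }
    if (count < EXPECTED_FIELDS)
        return PARSE_TOO_FEW;
    *out = tmp;                         /* commit only a complete record */
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "alice,admin,42", "alice,admin,42,extra,more", "alice,admin" };
    struct record r;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> status %d\n", samples[i], (int)parse_record(samples[i], &r));
    return 0;
}
```

Rejecting the whole record, rather than silently truncating to the first three values, keeps the caller from acting on input whose shape it did not expect.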

Common Consequences 1
Scope: Integrity

Impact: Unexpected State

Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Taxonomy Mapping
  • PLOVER
Notes
Relationship: This can overlap buffer overflows.