Failure to Handle Incomplete Element

Draft Variant
Structure: Simple
Description

This vulnerability occurs when a system fails to properly manage or validate data elements that are missing required parts or are only partially defined.

Extended Description

Incomplete elements are a common source of unexpected behavior and security flaws. When a program expects a full set of data (like a user profile with a required email field, a configuration file with mandatory settings, or a network packet with a complete header) but receives only a partial version, it must decide how to respond. Without explicit handling, the system might crash, enter an unstable state, or default to insecure values, creating an opening for attackers to exploit.

To prevent this, developers should implement strict validation at all data entry points. This means checking for the presence, format, and completeness of every required element before processing. Using allowlists for inputs, defining clear error-handling routines (like rejecting the request or using a secure default), and writing comprehensive unit tests for edge cases are essential steps to ensure the system remains robust when faced with incomplete or malformed data.

Common Consequences
Scope: Integrity, Other

Impact: Varies by Context, Unexpected State

Observed Examples
CVE-2002-1532: HTTP GET without \r\n\r\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it.
CVE-2003-0195: Partial request is not timed out.
CVE-2005-2526: MFV. CPU exhaustion in printer via partial printing request then early termination of connection.
CVE-2002-1906: CPU consumption by sending incomplete HTTP requests and leaving the connections open.
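The observed examples share one root cause: the receiver waits without limit for the rest of a request. The following is an added example, not part of the original entry, of a reader that accepts an HTTP request head only when it is complete and otherwise returns an explicit rejection status; the function names, the 8192-byte cap and the deadline values are assumptions chosen for illustration.

```python
import socket
import time

TERMINATOR = b"\r\n\r\n"  # blank line that ends an HTTP request head

def read_request_head(sock, deadline_s=5.0, max_bytes=8192):
    """Read until the request head is complete.

    Returns (status, data); status is "complete", "timeout", "closed" or
    "too_large". Only "complete" may be handed to the request parser.
    """
    buf = bytearray()
    give_up_at = time.monotonic() + deadline_s  # one deadline for the whole head
    while True:
        end = buf.find(TERMINATOR)
        if end != -1:
            return "complete", bytes(buf[:end + len(TERMINATOR)])
        if len(buf) >= max_bytes:               # head never terminated within the cap
            return "too_large", bytes(buf)
        remaining = give_up_at - time.monotonic()
        if remaining <= 0:
            return "timeout", bytes(buf)
        # Use the time left, not a fresh per-recv timeout, so a peer that
        # trickles one byte at a time cannot extend the wait indefinitely.
        sock.settimeout(remaining)
        try:
            chunk = sock.recv(min(4096, max_bytes - len(buf)))
        except socket.timeout:
            return "timeout", bytes(buf)
        if not chunk:                           # peer closed before finishing the element
            return "closed", bytes(buf)
        buf += chunk

def demo(payload, close_after=False, deadline_s=0.2, max_bytes=8192):
    """Feed constructed bytes through a local socket pair; return the status."""
    client, server = socket.socketpair()
    try:
        client.sendall(payload)
        if close_after:
            client.close()
        return read_request_head(server, deadline_s, max_bytes)[0]
    finally:
        client.close()
        server.close()

if __name__ == "__main__":
    # Constructed sample requests: complete, unterminated, and cut off early.
    print(demo(b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n"))
    print(demo(b"GET / HTTP/1.0\r\nHost: example.test\r\n"))
    print(demo(b"GET / HTTP/1.0\r\n", close_after=True))
```

On any status other than "complete" the caller should close the connection and release its worker, so that incomplete requests cannot hold resources needed by other users.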
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Taxonomy Mapping
  • PLOVER