CWE-130

Improper Handling of Length Parameter Inconsistency
AI Translation Available

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

Status
incomplete
Abstraction
base
C C++ Not Language-Specific

If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.

Common Consequences

confidentiality integrity
Impacts
read memory modify memory varies by context

Detection Methods

automated static analysis

Potential Mitigations

Phases:
implementation
Descriptions:
• Do not let the user control the size of the buffer.
• When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.
• Validate that the length of the user-supplied data is consistent with the buffer size.