CVEbaza.plSłownik CWECWE-166
Common Weakness Enumeration

CWE-166

Improper Handling of Missing Special Element

Kategoria: BaseCVE: 4
Opis

Produkt odbiera dane wejściowe z komponentu nadrzędnego, ale nie obsługuje lub nieprawidłowo obsługuje sytuację, gdy brakuje oczekiwanego elementu specjalnego. Prowadzi to do potencjalnych błędów w przetwarzaniu danych lub luk bezpieczeństwa.

Description (EN)

The product receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing.

Podatności CVE z CWE-166 (4)
8.7
CVSS
HIGH
CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.

pub. 2026-04-07
7.5
CVSS
HIGH
CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

pub. 2026-02-10
7.5
CVSS
HIGH
CVE-2024-38091

Microsoft WS-Discovery Denial of Service Vulnerability

pub. 2024-07-09
4.6
CVSS
MEDIUM
CVE-2026-32792

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.

pub. 2026-05-20
Informacje
ID: CWE-166
Typ: Base
Podatności: 4
MITRE CWE ↗
← Słownik CWE
CWE-166 — Improper Handling of Missing Special Element | Słownik CWE | CVEbaza.pl