CVEbaza.plSłownik CWECWE-229
Common Weakness Enumeration

CWE-229

Improper Handling of Values

Kategoria: BaseCVE: 18
Opis

Produkt nie obsługuje prawidłowo sytuacji, gdy oczekiwana liczba wartości dla parametrów, pól lub argumentów nie jest dostarczona w wejściu lub gdy wartości te są niezdefiniowane. Może to prowadzić do błędów lub nieprzewidywalnego zachowania aplikacji.

Description (EN)

The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.

Podatności CVE z CWE-229 (18)
9.2
CVSS
CRITICAL
CVE-2025-7964

Podatność w implementacji protokołu Zigbee powoduje, że odebranie zniekształconej ramki MAC Data Request standardu 802.15.4 prowadzi do wysłania przez Zigbee Coordinator żądania opuszczenia sieci do Zigbee Router, wprowadzając go w stan, z którego nie może samodzielnie powrócić do sieci. Skutkuje to trwałą niedostępnością sieci Zigbee wymagającą ręcznej rekonfiguracji.

pub. 2026-01-30
9.1
CVSS
CRITICAL
CVE-2026-45602

Podatność w usłudze Windows DHCP Server pozwala nieuwierzytelnionemu atakującemu na manipulację danymi przez sieć bez żadnych uprawnień wstępnych. Ocena CVSS 9.1 (CRITICAL) wskazuje na wysokie ryzyko naruszenia integralności i poufności danych.

pub. 2026-06-09
8.7
CVSS
HIGH
CVE-2024-39531

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be limited to this value. So inadvertently either the control plane is open for a high level of specific traffic which was supposed to be limited to a lower value, or the limit for a certain protocol is so low that chances to succeed with a volumetric DoS attack are significantly increased.  This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.1 versions before 22.1R3-S6-EVO,  * 22.2 versions before 22.2R3-S3-EVO, * 22.3 versions before 22.3R3-S3-EVO,  * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-EVO, * 23.4 versions before 23.4R1-S1-EVO, 23.4R2-EVO.

pub. 2024-07-11
8.2
CVSS
HIGH
CVE-2022-2809

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS.

pub. 2022-10-27
8.2
CVSS
HIGH
CVE-2022-3409

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS.

pub. 2022-10-27
7.5
CVSS
HIGH
CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

pub. 2026-03-27
7.5
CVSS
HIGH
CVE-2024-36737

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.

pub. 2024-06-06
7.5
CVSS
HIGH
CVE-2022-22562

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.

pub. 2022-04-12
7.5
CVSS
HIGH
CVE-2022-24412

Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service.

pub. 2022-04-12
7.3
CVSS
HIGH
CVE-2026-4736

Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H‎, nft_byteorder.C‎, nft_meta.C‎. This issue affects Echo-Mate: before V250329.

pub. 2026-03-24
6.6
CVSS
MEDIUM
CVE-2024-29460

An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component.

pub. 2024-04-10
6.6
CVSS
MEDIUM
CVE-2024-0607

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.

pub. 2024-01-18
5.8
CVSS
MEDIUM
CVE-2025-20268

A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region. This vulnerability exists because the URL string is not fully parsed. An attacker could exploit this vulnerability by sending a crafted HTTP connection through the targeted device. A successful exploit could allow the attacker to bypass configured policies and gain access to a network where the connection should have been denied.

pub. 2025-08-14
5.8
CVSS
MEDIUM
CVE-2024-20431

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this vulnerability by sending traffic through an affected device. A successful exploit could allow the attacker to bypass a geolocation-based access control policy and successfully send traffic to a protected device.

pub. 2024-10-23
5.6
CVSS
MEDIUM
CVE-2024-30800

PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function.

pub. 2024-04-23
5.5
CVSS
MEDIUM
CVE-2024-30917

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component.

pub. 2024-04-11
5.3
CVSS
MEDIUM
CVE-2022-4851

Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.

pub. 2022-12-29
1.8
CVSS
LOW
CVE-2025-31648

Nieprawidłowa obsługa wartości w przepływie mikrokodu dla niektórych rodzin procesorów Intel(R) może prowadzić do eskalacji uprawnień. Kod uruchomienia (startup code) i smm adversary w połączeniu z użytkownikiem uprzywilejowanym oraz atakiem o wysokiej złożoności mogą umożliwić eskalację uprawnień. Atak wymaga dostępu lokalnego, specjalnej wewnętrznej wiedzy i nie wymaga interakcji użytkownika. Potencjalna luka może wpłynąć na poufność (niski poziom), integralność (niski poziom) i dostępność (brak) systemu, powodując następnie niski poziom wpływu na poufność, integralność i brak wpływu na dostępność systemu.

pub. 2026-02-10
Informacje
ID: CWE-229
Typ: Base
Podatności: 18
MITRE CWE ↗
← Słownik CWE
CWE-229 — Nieprawidłowa obsługa wartości | Słownik CWE | CVEbaza.pl