CWE-1284: Improper Validation of Specified Quantity in Input
CWE version: 4.18
Last updated: 2025-09-09
Weakness Description
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Common Consequences
Scope: Other
Technical Impact: Varies by Context
Note: Since quantities are used so often to affect resource allocation or process financial data, they are often present in many places in the code.
Potential Mitigations
Phase: Implementation
Strategy: Input Validation
Effectiveness: High
Observed Examples
Reference: CVE-2019-19911
Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).
Reference: CVE-2008-1440
Lack of validation of a length field leads to an infinite loop.
Reference: CVE-2008-2374
Lack of validation of string length fields allows memory consumption or a buffer over-read.
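As an added illustration of the Input Validation mitigation above (example code, not part of the CWE entry): a Python parser for a constructed length-prefixed record format that checks each declared length for type, sign, a policy cap and the bytes actually available before using it, covering the over-read, memory-consumption and non-advancing-loop outcomes listed in the observed examples. `MAX_RECORD_LEN`, `QuantityError` and the record layout are assumptions.

```python
import struct

# Constructed policy cap: the largest single record this parser will allocate.
MAX_RECORD_LEN = 64 * 1024

class QuantityError(ValueError):
    """Raised when a quantity field fails validation."""

def validate_quantity(value, available: int, cap: int = MAX_RECORD_LEN) -> int:
    """Check that an untrusted quantity has the properties the code relies on:
    an integer (bool excluded), non-negative, within the policy cap, and no
    larger than what is actually available."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise QuantityError(f"quantity must be an integer, got {type(value).__name__}")
    if value < 0:
        raise QuantityError(f"quantity must be non-negative, got {value}")
    if value > cap:
        raise QuantityError(f"quantity {value} exceeds policy cap {cap}")
    if value > available:
        raise QuantityError(f"quantity {value} exceeds available {available}")
    return value

def parse_records(buf: bytes) -> list:
    """Parse a sequence of [u32 big-endian length][payload] records.
    The declared length is validated before it is used to slice, so a hostile
    value cannot cause an over-read or an oversized allocation; the offset
    always advances by the 4-byte header, so a zero-length record cannot
    stall the loop."""
    records = []
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < 4:
            raise QuantityError(f"truncated length field at offset {offset}")
        (declared,) = struct.unpack_from(">I", buf, offset)
        offset += 4
        length = validate_quantity(declared, available=len(buf) - offset)
        records.append(bytes(buf[offset:offset + length]))
        offset += length
    return records

# Constructed sample input: three records, the middle one empty.
SAMPLE = (struct.pack(">I", 5) + b"hello"
          + struct.pack(">I", 0)
          + struct.pack(">I", 3) + b"abc")

if __name__ == "__main__":
    print(parse_records(SAMPLE))  # [b'hello', b'', b'abc']
```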
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |