CWE-168: Improper Handling of Inconsistent Special Elements
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.
扩展描述
An example of this problem would be if paired characters appear in the wrong order, or if the special characters are not properly nested.
常见后果
影响范围: Availability Access Control Non-Repudiation
技术影响: DoS: Crash, Exit, or Restart Bypass Protection Mechanism Hide Activities
潜在缓解措施
描述: Developers should anticipate that inconsistent special elements will be injected/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
阶段: Implementation
策略: Input Validation
阶段: Implementation
策略: Input Validation
描述: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Inconsistent Special Elements | - |