CWE-240: Improper Handling of Inconsistent Structural Elements
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.
常见后果
影响范围: Integrity Other
技术影响: Varies by Context Unexpected State
观察示例
参考: CVE-2014-0160
Chain: "Heartbleed" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.
参考: CVE-2009-2299
Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Inconsistent Elements | - |