CWE-231 - Improper Handling of Extra Values
- Abstraction: Variant
- Structure: Simple
- Status: Draft
- Release Date: 2006-07-19
- Latest Modification Date: 2023-06-29
Weakness Name
Improper Handling of Extra Values
Description
The product does not handle, or incorrectly handles, the case where more values are provided than expected.
Common Consequences
Scope: Integrity
Impact: Unexpected State
Related Weaknesses
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') High