CWE

Improper Handling of Undefined Values

ID: 232		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Base

Description

The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design
• Implementation

Common Consequences

Scope	Technical Impact	Notes
Integrity	Unexpected state

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-232 ChildOf CWE-896	Category	CWE-888

Demonstrative Examples   (Details)

1. In the excerpt below, if the value of the address parameter is null (undefined), the servlet will throw a NullPointerException.

Observed Examples

1. CVE-2000-1003 : Client crash when server returns unknown driver type.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
PLOVER		Undefined Value Error
CERT Java Secure Coding	ERR08-J	Do not catch NullPointerException or any of its ancestors

References:
None