CWE

Improper Handling of Undefined Parameters

ID: 236		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Base

Description

The software does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design
• Implementation

Common Consequences

Scope	Technical Impact	Notes
Integrity	Unexpected state

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-236 ChildOf CWE-896	Category	CWE-888

Demonstrative Examples
None

Observed Examples

1. CVE-2002-1488 : Crash in IRC client via PART message from a channel the user is not in.
2. CVE-2001-0650 : Router crash or bad route modification using BGP updates with invalid transitive attribute.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
PLOVER		Undefined Parameter Error

References:
None