CWE-1284: Improper Validation of Specified Quantity in Input

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.

The user has no control over the price variable, however the code does not prevent a negative value from being specified for quantity. If an attacker were to provide a negative value, then the user would have their account credited instead of debited.

This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.

Vulnerable example

/* board dimensions */
...

While this code checks to make sure the user cannot specify large, positive integers and consume too much memory, it does not check for negative values supplied by the user. As a result, an attacker can perform a resource consumption (CWE-400) attack against this program by specifying two, large negative values that will not overflow, resulting in a very large memory allocation (CWE-789) and possibly a system crash. Alternatively, an attacker can provide very large negative values which will cause an integer overflow (CWE-190) and unexpected behavior will follow depending on how the values are treated in the remainder of the program.

The following code is a workflow job written using YAML. The code attempts to download pull request artifacts, unzip from the artifact called pr.zip and extract the value of the file NR into a variable "pr_number" that will be used later in another job. It attempts to create a github workflow environment variable, writing to $GITHUB_ENV. The environment variable value is retrieved from an external resource.

Vulnerable example

other

deploy:

The following PHP code could be from a shopping cart application. It allows users to apply a discount to an item.

Vulnerable example

php

$discount = $_POST['discount'];

CWE-1284: Improper Validation of Specified Quantity in Input | RadicalNotion.AI

CWE-1284: Improper Validation of Specified Quantity in Input

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Frequently asked questions

What is CWE-1284?

What CVEs are caused by CWE-1284?

How do you prevent CWE-1284?

How is CWE-1284 detected?

What are the consequences of CWE-1284?

Is CWE-1284 actively exploited?

References

Stay ahead of CWE-1284

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Can precede

Frequently asked questions

What is CWE-1284?

What CVEs are caused by CWE-1284?

How do you prevent CWE-1284?

How is CWE-1284 detected?

What are the consequences of CWE-1284?

Is CWE-1284 actively exploited?

References

Stay ahead of CWE-1284