Variant weakness
Draft
Log in
The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.
Last updated
CWE-198 (Use of Incorrect Byte Ordering) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
1 recorded CVEs are caused by CWE-198 (Use of Incorrect Byte Ordering). The highest-severity and most recent are shown first. 0 new CWE-198 CVEs have been recorded so far in 2026 (1 in 2025).
What can happen when CWE-198 is exploited.
Unexpected State
Affects: Integrity
Typically introduced during these phases of the software lifecycle.
Because byte ordering bugs are usually very noticeable even with normal inputs, this bug is more likely to occur in rarely triggered error conditions, making them difficult to detect using black box methods.
Common questions about CWE-198.
The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.
1 recorded CVEs are attributed to CWE-198, including CVE-2025-52980.
Black Box: Because byte ordering bugs are usually very noticeable even with normal inputs, this bug is more likely to occur in rarely triggered error conditions, making them difficult to detect using black box methods.
Exploiting CWE-198 can lead to: Unexpected State.
1 recorded CVEs are caused by CWE-198; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Get alerted the moment a new CWE-198 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.