CWE-234: Failure to Handle Missing Parameter
If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.
Last updated
Overview
CWE-234 (Failure to Handle Missing Parameter) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
2 recorded CVEs are caused by CWE-234 (Failure to Handle Missing Parameter). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-234 is exploited.
Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity
Affects: Integrity, Confidentiality, Availability, Access Control
There is the potential for arbitrary code execution with privileges of the vulnerable program if function parameter list is exhausted.
DoS: Crash, Exit, or Restart
Affects: Availability