CWE-238: Improper Handling of Incomplete Structural Elements

The product does not handle or incorrectly handles when a particular structural element is not completely specified.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-238 (Improper Handling of Incomplete Structural Elements) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Common consequences

What can happen when CWE-238 is exploited.

Unexpected State

Affects: Integrity

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Implementation

Terminology & mappings

Mapped taxonomies

PLOVER: Missing Element Error

CWE-238: Improper Handling of Incomplete Structural Elements

Overview

Common consequences

How it happens

When it is introduced

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-238?

What are the consequences of CWE-238?

References

Stay ahead of CWE-238

Overview

Common consequences

How it happens

When it is introduced

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-238?

What are the consequences of CWE-238?

References

Stay ahead of CWE-238