CWE-115

BaseIncomplete

Misinterpretation of Input

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

1 related weaknesses

IntegrityUnexpected State

FuzzingEffectiveness: High

Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.

Modes of Introduction

Architecture and DesignImplementation

Related Weaknesses

CWE-436ChildOf

Example CVEs (2)

CVE-2005-2225

Product sees dangerous file extension in free text of a group discussion, disconnects all users.

CVE-2001-0003

Product does not correctly import and process security settings from another product.

External Links

MITRE CWE Database