CVEbaza.plSłownik CWECWE-168
Common Weakness Enumeration

CWE-168

Improper Handling of Inconsistent Special Elements

Kategoria: BaseCVE: 4
Opis

Produkt nie obsługuje prawidłowo danych wejściowych, w których istnieje niespójność między dwoma lub więcej znakami specjalnymi lub słowami zastrzeżonymi. Może to prowadzić do nieoczekiwanego zachowania lub luk bezpieczeństwa.

Description (EN)

The product does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.

Podatności CVE z CWE-168 (4)
7.5
CVSS
HIGH
CVE-2023-6245

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.

pub. 2023-12-08
7.5
CVSS
HIGH
CVE-2023-36843

An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’). This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8, 20.4R3-S9; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3;

pub. 2023-10-12
6.9
CVSS
MEDIUM
CVE-2019-25620

Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.

pub. 2026-03-23
Informacje
ID: CWE-168
Typ: Base
Podatności: 4
MITRE CWE ↗
← Słownik CWE