1. Home
  2. CWE Database
  3. CWE-1288
Base · Medium

CWE-1288: Improper Validation of Consistency within Input

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

CWE-1288 · Base Level ·3 CVEs ·1 Mitigations

Description

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

Some input data can be structured with multiple elements or fields that must be consistent with each other, e.g. a number-of-items field that is followed by the expected number of elements. When such complex inputs are inconsistent, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities.

Potential Impact

Other

Varies by Context

Mitigations & Prevention

Implementation High

Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across relat

Real-World CVE Examples

CVE IDDescription
CVE-2018-16733product does not validate that the start block appears before the end block
CVE-2006-3790size field that is inconsistent with packet size leads to buffer over-read
CVE-2008-4114system crash with offset value that is inconsistent with packet size

CWE-20: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the ...

Frequently Asked Questions

What is CWE-1288?

CWE-1288 (Improper Validation of Consistency within Input) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

How can CWE-1288 be exploited?

Attackers can exploit CWE-1288 (Improper Validation of Consistency within Input) to varies by context. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-1288?

Key mitigations include: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not stric

What is the severity of CWE-1288?

CWE-1288 is classified as a Base-level weakness (Medium abstraction). It has been observed in 3 real-world CVEs.