1. Home
  2. CWE Database
  3. CWE-231
Variant · Low-Medium

CWE-231: Improper Handling of Extra Values

The product does not handle or incorrectly handles when more values are provided than expected.

CWE-231 · Variant Level

Description

The product does not handle or incorrectly handles when more values are provided than expected.

Potential Impact

Integrity

Unexpected State

CWE-229: Improper Handling of Values

The product does not properly handle when the expected number of values for parameters, fields, or arguments is not prov...

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than ...

Taxonomy Mappings

  • PLOVER: — Extra Value Error

Frequently Asked Questions

What is CWE-231?

CWE-231 (Improper Handling of Extra Values) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product does not handle or incorrectly handles when more values are provided than expected.

How can CWE-231 be exploited?

Attackers can exploit CWE-231 (Improper Handling of Extra Values) to unexpected state. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-231?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-231?

CWE-231 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.