1. Home
  2. CWE Database
  3. CWE-236
Variant · Low-Medium

CWE-236: Improper Handling of Undefined Parameters

The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.

CWE-236 · Variant Level ·2 CVEs

Description

The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.

Potential Impact

Integrity

Unexpected State

Real-World CVE Examples

CVE IDDescription
CVE-2002-1488Crash in IRC client via PART message from a channel the user is not in.
CVE-2001-0650Router crash or bad route modification using BGP updates with invalid transitive attribute.

CWE-233: Improper Handling of Parameters

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in inp...

Taxonomy Mappings

  • PLOVER: — Undefined Parameter Error

Frequently Asked Questions

What is CWE-236?

CWE-236 (Improper Handling of Undefined Parameters) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.

How can CWE-236 be exploited?

Attackers can exploit CWE-236 (Improper Handling of Undefined Parameters) to unexpected state. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-236?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-236?

CWE-236 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 2 real-world CVEs.