CWE
Home > CWE List > CWE-172 Individual Dictionary Definition (Draft 9)   View the CWE List

CWE-172 Individual Dictionary Definition (Draft 9)

Encoding Error
Weakness ID
Status: Draft

172 (Weakness Class)

Description

Summary

The software fails to properly handle encoding or decoding of the data, resulting in unexpected values.

Context Notes

Partially overlaps path traversal and equivalence weaknesses.

Many other types of encodings should be listed in this category.

Relationships
NatureTypeIDName
ChildOfCategoryCategory171Cleansing, Canonicalization, and Comparison Errors
CanAlsoBeWeakness ClassWeakness ClassWeakness Class21Pathname Traversal and Equivalence Errors
ParentOfWeakness VariantWeakness VariantWeakness Variant173Failure to Handle Alternate Encoding
ParentOfWeakness VariantWeakness VariantWeakness Variant174Double Decoding of the Same Data
ParentOfWeakness VariantWeakness VariantWeakness Variant175Failure to Handle Mixed Encoding
ParentOfWeakness VariantWeakness VariantWeakness Variant176Failure to Handle Unicode Encoding
ParentOfWeakness VariantWeakness VariantWeakness Variant177Failure to Handle URL Encoding (Hex Encoding)
Source Taxonomies

PLOVER - Encoding Error

Applicable Platforms

All

Related Attack Patterns
CAPEC-IDAttack Pattern Name
80Using UTF-8 Encoding to Bypass Validation Logic
71Using Unicode Encoding to Bypass Validation Logic
53Postfix, Null Terminate, and Backslash
72URL Encoding
64Using Slashes and URL Encoding Combined to Bypass Validation Logic
3Using Leading 'Ghost' Character Sequences to Bypass Input Filters
78Using Escaped Slashes in Alternate Encoding
52Embedding NULL Bytes
Back to top
Page Last Updated: April 21, 2008
 

CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us