CWE · MITRE source
CWE-130Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2025-14847 KEV | 8.1 | 7.5 | 0.7670 | 2025-12-19 |
CVE-2022-2714 | 2.0 | 9.8 | 0.0042 | 2022-09-06 |
CVE-2026-41898 | 2.0 | 9.8 | 0.0006 | 2026-04-24 |
CVE-2019-3862 | 1.9 | 7.3 | 0.0656 | 2019-03-21 |
CVE-2024-39614 | 1.9 | 7.5 | 0.0684 | 2024-07-10 |
CVE-2022-1543 | 1.8 | 8.8 | 0.0041 | 2022-04-29 |
CVE-2026-22046 | 1.8 | 8.8 | 0.0010 | 2026-01-07 |
CVE-2026-22047 | 1.8 | 8.8 | 0.0013 | 2026-01-07 |
CVE-2026-22255 | 1.8 | 8.8 | 0.0004 | 2026-01-08 |
CVE-2026-22861 | 1.8 | 8.8 | 0.0006 | 2026-01-13 |
CVE-2022-24666 | 1.7 | 7.5 | 0.0259 | 2022-02-09 |
CVE-2022-20870 | 1.7 | 8.6 | 0.0046 | 2022-10-10 |
CVE-2024-37988 | 1.7 | 8.0 | 0.0187 | 2024-07-09 |
CVE-2024-37989 | 1.7 | 8.0 | 0.0187 | 2024-07-09 |
CVE-2024-38010 | 1.7 | 8.0 | 0.0187 | 2024-07-09 |
CVE-2024-38011 | 1.7 | 8.0 | 0.0138 | 2024-07-09 |
CVE-2026-5367 | 1.7 | 8.6 | 0.0006 | 2026-04-24 |
CVE-2021-20588 | 1.6 | 7.5 | 0.0102 | 2021-02-19 |
CVE-2021-35516 | 1.6 | 7.5 | 0.0174 | 2021-07-13 |
CVE-2021-35517 | 1.6 | 7.5 | 0.0132 | 2021-07-13 |
CVE-2022-0618 | 1.6 | 7.5 | 0.0102 | 2022-03-10 |
CVE-2022-36788 | 1.6 | 8.1 | 0.0027 | 2023-04-20 |
CVE-2023-52547 | 1.6 | 7.8 | 0.0003 | 2024-05-28 |
CVE-2024-37305 | 1.6 | 8.2 | 0.0014 | 2024-06-17 |
CVE-2024-41990 | 1.6 | 7.5 | 0.0133 | 2024-08-07 |