CWE-228

Improper Handling of Syntactically Invalid Structure

Class | Incomplete

Description

The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

CVEs mapped to this weakness (11)

  • CVE-2026-42100 | High | May 19, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early…

  • CVE-2018-5381 | Medium | Feb 19, 2018
    risk 0.45 | cvss 6.5 | epss 0.31

    The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have…

  • CVE-2025-59174 | Medium | Jun 5, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

  • CVE-2026-25657 | Medium | Jun 5, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the…

  • CVE-2026-34232 | High | Apr 17, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the…

  • CVE-2025-0343 | High | Jan 15, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure…

  • CVE-2024-53828 | Medium | Apr 1, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

  • CVE-2025-47736 | Low | May 9, 2025
    risk 0.19 | cvss 2.9 | epss 0.00

    dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.

  • CVE-2024-6382 | Jul 2, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2.

  • CVE-2023-39914 | Sep 13, 2023
    risk 0.00 | cvss n/a | epss 0.01

    NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

  • CVE-2020-27847 | May 28, 2021
    risk 0.00 | cvss n/a | epss 0.02

    A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system…