VYPR

CWE-232

Improper Handling of Undefined Values

VariantDraft

Description

The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (5)

  • CVE-2025-20192HigMay 7, 2025
    risk 0.50cvss 7.7epss 0.00

    A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. …

  • CVE-2025-40775HigMay 21, 2025
    risk 0.49cvss 7.5epss 0.12

    When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and…

  • CVE-2025-20314MedSep 24, 2025
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is…

  • CVE-2023-39914Sep 13, 2023
    risk 0.00cvss epss 0.01

    NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

  • CVE-2023-2968May 30, 2023
    risk 0.00cvss epss 0.01

    A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.