CWE-241
Improper Handling of Unexpected Data Type
Base, Draft
Description
The product does not handle, or incorrectly handles, the case where a particular element is not of the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-48
CVEs mapped to this weakness (8)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-63548 | High | 0.49 | 7.5 | 0.00 | | May 1, 2026 | An issue in Eprosima Micro-XRCE-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field. |
| CVE-2024-21526 | High | 0.49 | 7.5 | 0.00 | | Jul 10, 2024 | All versions of the package speaker are vulnerable to Denial of Service (DoS) because providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash. |
| CVE-2024-21523 | High | 0.49 | 7.5 | 0.00 | | Jul 10, 2024 | All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash. |
| CVE-2024-0151 | Med | 0.42 | 6.5 | 0.00 | | Apr 24, 2024 | Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state. |
| CVE-2024-21935 | Med | 0.33 | 5.0 | 0.00 | | Sep 23, 2025 | Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption. |
| CVE-2024-21927 | Med | 0.33 | 5.0 | 0.00 | | Sep 23, 2025 | Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. |
| CVE-2024-32268 | Low | 0.21 | 3.3 | 0.00 | | Apr 29, 2024 | An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component. |
| CVE-2025-7339 | Low | 0.15 | 3.4 | 0.00 | | Jul 17, 2025 | on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade to version 1.1.0 to receive a patch. Users are strongly encouraged to upgrade to `1.1.0`, but this issue can be worked around by passing an object to `response.writeHead()` rather than an array. |