VYPR

CWE-354

Improper Validation of Integrity Check Value

BaseDraftLikelihood: Medium

Description

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-145 · CAPEC-463 · CAPEC-75

CVEs mapped to this weakness (56)

page 2 of 3
  • CVE-2024-47935MedFeb 17, 2025
    risk 0.44cvss 6.7epss 0.00

    Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim’s device. The attacker needs to hijack the DLL file in advance. This issue…

  • CVE-2026-32105HigApr 17, 2026
    risk 0.43cvss 7.7epss 0.00

    xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the…

  • CVE-2024-34714HigMay 14, 2024
    risk 0.42cvss 7.6epss 0.00

    The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit d4e8e4830326f46ba17acd1307977ecd32a85b58, a critical check for the…

  • CVE-2020-26141MedMay 11, 2021
    risk 0.42cvss 6.5epss 0.03

    An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2…

  • CVE-2026-34181HigJun 9, 2026
    risk 0.41cvss 7.4epss 0.00

    Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user…

  • CVE-2026-8597HigMay 14, 2026
    risk 0.40cvss 7.2epss 0.00

    Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a…

  • CVE-2023-48795MedDec 18, 2023
    risk 0.39cvss 5.9epss 0.93

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…

  • CVE-2025-24148MedMar 31, 2025
    risk 0.36cvss 5.5epss 0.00

    This issue was addressed with improved handling of executable types. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious JAR file may bypass Gatekeeper checks.

  • CVE-2017-9498MedJul 31, 2017
    risk 0.36cvss 5.5epss 0.00

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving…

  • CVE-2026-32148MedApr 30, 2026
    risk 0.31cvss 5.9epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked…

  • CVE-2018-1000159MedApr 18, 2018
    risk 0.31cvss 5.9epss 0.01

    tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len -…

  • CVE-2025-4418MedJun 12, 2025
    risk 0.29cvss 4.4epss 0.00

    An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow a miscreant with elevated privileges to modify PI Connector for CygNet local data files (cache and buffers) in a…

  • CVE-2018-5382MedApr 16, 2018
    risk 0.29cvss 4.4epss 0.00

    The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated…

  • CVE-2023-50738MedJan 17, 2025
    risk 0.28cvss 4.3epss 0.00

    A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified.

  • CVE-2024-47211MedOct 4, 2024
    risk 0.28cvss 5.3epss 0.01

    In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.

  • CVE-2026-5504MedApr 9, 2026
    risk 0.27cvss 5.3epss 0.00

    A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated.

  • CVE-2017-12973LowAug 20, 2017
    risk 0.20cvss 3.1epss 0.01

    Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

  • CVE-2025-4616LowNov 14, 2025
    risk 0.07cvss epss 0.00

    An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls.

  • CVE-2026-33542Mar 26, 2026
    risk 0.00cvss epss 0.00

    Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to…

  • CVE-2026-28498Mar 16, 2026
    risk 0.00cvss epss 0.00

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash…