CWE-228
Allowed-with-ReviewImproper Handling of Syntactically Invalid Structure
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
35 vulnerabilities reference this CWE, most recent first.
GHSA-RFQP-64PG-M8XM
Vulnerability from github – Published: 2025-10-15 18:31 – Updated: 2025-10-15 18:31Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
{
"affected": [],
"aliases": [
"CVE-2025-2529"
],
"database_specific": {
"cwe_ids": [
"CWE-228"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T16:15:34Z",
"severity": "LOW"
},
"details": "Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.",
"id": "GHSA-rfqp-64pg-m8xm",
"modified": "2025-10-15T18:31:50Z",
"published": "2025-10-15T18:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2529"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7247977"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RJ85-C5H6-PFRR
Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS Evolved
- All versions earlier than 21.2R3-S7-EVO;
- 21.3 versions earlier than 21.3R3-S5-EVO ;
- 21.4 versions earlier than 21.4R3-S5-EVO;
- 22.1 versions earlier than 22.1R3-S4-EVO;
- 22.2 versions earlier than 22.2R3-S3-EVO ;
- 22.3 versions earlier than 22.3R3-EVO;
- 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-21612"
],
"database_specific": {
"cwe_ids": [
"CWE-228"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T01:15:49Z",
"severity": "HIGH"
},
"details": "\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n",
"id": "GHSA-rj85-c5h6-pfrr",
"modified": "2024-01-12T03:30:49Z",
"published": "2024-01-12T03:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21612"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA75753"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W8XV-RWGF-4FWH
Vulnerability from github – Published: 2025-01-14 16:32 – Updated: 2025-01-15 15:26Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constraint isn't met.
Importantly, these constraints are actually required to be true in DER, but that correctness wasn't enforced on the early node parser side so it was incorrect to rely on it later on in decoding, which is what the library did.
These crashes can be triggered when parsing any DER/BER format object. There is no memory-safety issue here: the crash is a graceful one from the Swift runtime. The impact of this is that it can be used as a denial-of-service vector when parsing BER/DER data from unknown sources, e.g. when parsing TLS certificates.
Many thanks to @baarde for reporting this issue and providing the fix.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.3.0"
},
"package": {
"ecosystem": "SwiftURL",
"name": "github.com/apple/swift-asn1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-0343"
],
"database_specific": {
"cwe_ids": [
"CWE-228"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-14T16:32:07Z",
"nvd_published_at": "2025-01-15T01:15:13Z",
"severity": "LOW"
},
"details": "Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a `preconditionFailure` if that constraint isn\u0027t met.\n\nImportantly, these constraints are actually required to be true in DER, but that correctness wasn\u0027t enforced on the early node parser side so it was incorrect to rely on it later on in decoding, which is what the library did.\n\nThese crashes can be triggered when parsing any DER/BER format object. There is no memory-safety issue here: the crash is a graceful one from the Swift runtime. The impact of this is that it can be used as a denial-of-service vector when parsing BER/DER data from unknown sources, e.g. when parsing TLS certificates.\n\nMany thanks to @baarde for reporting this issue and providing the fix.",
"id": "GHSA-w8xv-rwgf-4fwh",
"modified": "2025-01-15T15:26:01Z",
"published": "2025-01-14T16:32:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/apple/swift-asn1/security/advisories/GHSA-w8xv-rwgf-4fwh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0343"
},
{
"type": "WEB",
"url": "https://github.com/apple/swift-asn1/commit/ae33e5941bb88d88538d0a6b19ca0b01e6c76dcf"
},
{
"type": "PACKAGE",
"url": "https://github.com/apple/swift-asn1"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER"
}
GHSA-X5RC-P5HC-WC9M
Vulnerability from github – Published: 2025-03-14 18:30 – Updated: 2025-03-14 18:30An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.
{
"affected": [],
"aliases": [
"CVE-2024-55594"
],
"database_specific": {
"cwe_ids": [
"CWE-228"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-14T17:15:48Z",
"severity": "MODERATE"
},
"details": "An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.",
"id": "GHSA-x5rc-p5hc-wc9m",
"modified": "2025-03-14T18:30:50Z",
"published": "2025-03-14T18:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55594"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-115"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XHPP-8GQ6-3HF5
Vulnerability from github – Published: 2023-09-13 15:31 – Updated: 2024-09-11 18:30NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
{
"affected": [],
"aliases": [
"CVE-2023-39915"
],
"database_specific": {
"cwe_ids": [
"CWE-228",
"CWE-232"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-13T15:15:07Z",
"severity": "HIGH"
},
"details": "NLnet Labs\u2019 Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.",
"id": "GHSA-xhpp-8gq6-3hf5",
"modified": "2024-09-11T18:30:59Z",
"published": "2023-09-13T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39915"
},
{
"type": "WEB",
"url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.