CWE-354

Improper Validation of Integrity Check Value

Base

Draft

Description

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.

Parent Weaknesses (ChildOf)

CWE-345: Insufficient Verification of D...

CWE-754: Improper Check for Unusual or ...

Related Weaknesses

CWE-353 (PeerOf)

Common Consequences

Scope

Integrity

Other

Impact

Modify Application Data, Other

Scope

Integrity

Other

Impact

Other

Scope

Non-Repudiation

Other

Impact

Hide Activities, Other

Potential Mitigations

Implementation

Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.

CVE-2024-47573

network analysis tool does not properly validate an integrity check value, allowing installation of malicious firmware

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-354

Improper Validation of Integrity Check Value

Description

Relationships

Common Consequences

Potential Mitigations

Related CVEs

Applicable Platforms