| CWE-168 |
The software does not properly handle input in which an inconsistency exists between two or more special characters or reserved words. |
| CWE-170 |
The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. |
| CWE-172 |
The software does not properly encode or decode the data, resulting in unexpected values. |
| CWE-173 |
The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent. |
| CWE-174 |
The software decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations. |
| CWE-175 |
The software does not properly handle when the same input uses several different (mixed) encodings. |
| CWE-176 |
The software does not properly handle when an input contains Unicode encoding. |
| CWE-177 |
The software does not properly handle when all or part of an input has been URL encoded. |
| CWE-178 |
The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results. |
| CWE-179 |
The software validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification. |
