CWE-67: Improper Handling of Windows Device Names
low-riskThe product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.
Abstraction: Variant
Common Consequences
Availability
→
DoS: Crash, Exit, or Restart
Real-World Examples (5)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-51745 | 10.0 | 0.3% | — |
| CVE-2024-35197 | 5.4 | 0.0% | — |
| CVE-2025-66221 | 5.3 | 0.0% | — |
| CVE-2026-21860 | 5.3 | 0.0% | — |
| CVE-2026-27199 | 5.3 | 0.0% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal