CWE-462 (Duplicate Key in Associative List (Alist)) is a common software weakness type identified by the CWE (Common Weakness Enumeration) dictionary. It helps developers understand security flaws and how to mitigate them.

What is the difference between CVE and CWE?

CWE refers to the type of software weakness (the root cause), while CVE refers to a specific instance of a vulnerability in a particular product or system.

CWE-462

Duplicate Key in Associative List (Alist)

Low Risk

Weakness Description

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.

Potential Mitigations

Architecture and Design

Use a hash table instead of an alist.

Architecture and Design

Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry.

Common Consequences

Other

Quality DegradationVaries by Context

Related Weaknesses

CWE-694

Related Resources

Browse CWE Database

Explore 493 software weaknesses

CVE Database

Search 294,000+ vulnerabilities

Security Writeups

Learn from real-world examples

About 4nuxd

Cybersecurity research & tools

Contact Us

Get in touch for collaboration

Homepage

Explore more security resources