CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (3.0)

CWE VIEW: Weaknesses in Software Written in C

View ID: 658
Type: Implicit
Status: Draft
+ Objective
This view (slice) covers issues that are found in C programs that are not common to all languages.
+ Filter
/Weakness_Catalog/Weaknesses/Weakness[./Applicable_Platforms/Language/@Name='C']
+ Membership
| Nature | Type | ID | Name |
| HasMember | Base | 14 | Compiler Removal of Code to Clear Buffers |
| HasMember | Class | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| HasMember | Base | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| HasMember | Variant | 121 | Stack-based Buffer Overflow |
| HasMember | Variant | 122 | Heap-based Buffer Overflow |
| HasMember | Base | 123 | Write-what-where Condition |
| HasMember | Base | 124 | Buffer Underwrite ('Buffer Underflow') |
| HasMember | Base | 125 | Out-of-bounds Read |
| HasMember | Variant | 126 | Buffer Over-read |
| HasMember | Variant | 127 | Buffer Under-read |
| HasMember | Base | 128 | Wrap-around Error |
| HasMember | Base | 129 | Improper Validation of Array Index |
| HasMember | Base | 130 | Improper Handling of Length Parameter Inconsistency |
| HasMember | Base | 131 | Incorrect Calculation of Buffer Size |
| HasMember | Base | 134 | Use of Externally-Controlled Format String |
| HasMember | Base | 135 | Incorrect Calculation of Multi-Byte String Length |
| HasMember | Base | 170 | Improper Null Termination |
| HasMember | Base | 188 | Reliance on Data/Memory Layout |
| HasMember | Base | 191 | Integer Underflow (Wrap or Wraparound) |
| HasMember | Class | 192 | Integer Coercion Error |
| HasMember | Base | 194 | Unexpected Sign Extension |
| HasMember | Variant | 195 | Signed to Unsigned Conversion Error |
| HasMember | Variant | 196 | Unsigned to Signed Conversion Error |
| HasMember | Base | 197 | Numeric Truncation Error |
| HasMember | Base | 242 | Use of Inherently Dangerous Function |
| HasMember | Variant | 243 | Creation of chroot Jail Without Changing Working Directory |
| HasMember | Variant | 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
| HasMember | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember | Base | 364 | Signal Handler Race Condition |
| HasMember | Base | 365 | Race Condition in Switch |
| HasMember | Base | 366 | Race Condition within a Thread |
| HasMember | Base | 374 | Passing Mutable Objects to an Untrusted Method |
| HasMember | Base | 375 | Returning a Mutable Object to an Untrusted Caller |
| HasMember | Base | 401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak') |
| HasMember | Variant | 415 | Double Free |
| HasMember | Base | 416 | Use After Free |
| HasMember | Variant | 457 | Use of Uninitialized Variable |
| HasMember | Variant | 460 | Improper Cleanup on Thrown Exception |
| HasMember | Base | 462 | Duplicate Key in Associative List (Alist) |
| HasMember | Base | 463 | Deletion of Data Structure Sentinel |
| HasMember | Base | 464 | Addition of Data Structure Sentinel |
| HasMember | Base | 466 | Return of Pointer Value Outside of Expected Range |
| HasMember | Variant | 467 | Use of sizeof() on a Pointer Type |
| HasMember | Base | 468 | Incorrect Pointer Scaling |
| HasMember | Base | 469 | Use of Pointer Subtraction to Determine Size |
| HasMember | Base | 474 | Use of Function with Inconsistent Implementations |
| HasMember | Base | 476 | NULL Pointer Dereference |
| HasMember | Variant | 478 | Missing Default Case in Switch Statement |
| HasMember | Variant | 479 | Signal Handler Use of a Non-reentrant Function |
| HasMember | Base | 480 | Use of Incorrect Operator |
| HasMember | Variant | 481 | Assigning instead of Comparing |
| HasMember | Variant | 482 | Comparing instead of Assigning |
| HasMember | Variant | 483 | Incorrect Block Delimitation |
| HasMember | Base | 484 | Omitted Break Statement in Switch |
| HasMember | Variant | 495 | Private Array-Typed Field Returned From A Public Method |
| HasMember | Variant | 496 | Public Data Assigned to Private Array-Typed Field |
| HasMember | Variant | 558 | Use of getlogin() in Multithreaded Application |
| HasMember | Variant | 560 | Use of umask() with chmod-style Argument |
| HasMember | Base | 562 | Return of Stack Variable Address |
| HasMember | Base | 587 | Assignment of a Fixed Address to a Pointer |
| HasMember | Base | 676 | Use of Potentially Dangerous Function |
| HasMember | Variant | 685 | Function Call With Incorrect Number of Arguments |
| HasMember | Variant | 688 | Function Call With Incorrect Variable or Reference as Argument |
| HasMember | Composite | 689 | Permission Race Condition During Resource Copy |
| HasMember | Chain | 690 | Unchecked Return Value to NULL Pointer Dereference |
| HasMember | Class | 704 | Incorrect Type Conversion or Cast |
| HasMember | Base | 733 | Compiler Optimization Removal or Modification of Security-critical Code |
| HasMember | Variant | 762 | Mismatched Memory Management Routines |
| HasMember | Variant | 781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code |
| HasMember | Variant | 782 | Exposed IOCTL with Insufficient Access Control |
| HasMember | Variant | 783 | Operator Precedence Logic Error |
| HasMember | Variant | 785 | Use of Path Manipulation Function without Maximum-sized Buffer |
| HasMember | Variant | 789 | Uncontrolled Memory Allocation |
| HasMember | Base | 805 | Buffer Access with Incorrect Length Value |
| HasMember | Variant | 806 | Buffer Access Using Size of Source Buffer |
| HasMember | Base | 839 | Numeric Range Comparison Without Minimum Check |
| HasMember | Base | 843 | Access of Resource Using Incompatible Type ('Type Confusion') |
| HasMember | Base | 910 | Use of Expired File Descriptor |
| HasMember | Base | 911 | Improper Update of Reference Count |
+ Content History
Modifications
| Modification Date | Modifier | Organization | Source |
| 2008-09-08 | CWE Content Team | MITRE | |
updated Description, Name, View_Filter, View_Structure
Previous Entry Names
| Change Date | Previous Entry Name |
| 2008-09-09 | Weaknesses found in the C Language |
+ View Metrics
| | CWEs in this view | | Total CWEs |
| Total | 79 | out of | 982 |
| Weaknesses | 79 | out of | 714 |
| Categories | 0 | out of | 237 |
| Views | 0 | out of | 31 |

Page Last Updated: November 14, 2017