CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE VIEW: Weaknesses in Software Written in C

View ID: 658
Structure: Implicit Slice
Status: Draft
View Data

View Objective

This view (slice) covers issues that are found in C programs that are not common to all languages.

View Filter: .//Applicable_Platforms//@Language_Name='C'

Relationships
Weakness Base - Access of Resource Using Incompatible Type ('Type Confusion') - (843)
Weakness Base - Addition of Data Structure Sentinel - (464)
Weakness Variant - Assigning instead of Comparing - (481)
Weakness Base - Assignment of a Fixed Address to a Pointer - (587)
Weakness Variant - Buffer Access Using Size of Source Buffer - (806)
Weakness Base - Buffer Access with Incorrect Length Value - (805)
Weakness Base - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)
Weakness Variant - Buffer Over-read - (126)
Weakness Variant - Buffer Under-read - (127)
Weakness Base - Buffer Underwrite ('Buffer Underflow') - (124)
Weakness Variant - Comparing instead of Assigning - (482)
Weakness Base - Compiler Optimization Removal or Modification of Security-critical Code - (733)
Weakness Base - Compiler Removal of Code to Clear Buffers - (14)
Weakness Class - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362)
Weakness Variant - Creation of chroot Jail Without Changing Working Directory - (243)
Weakness Base - Deletion of Data Structure Sentinel - (463)
Weakness Variant - Double Free - (415)
Weakness Base - Duplicate Key in Associative List (Alist) - (462)
Weakness Variant - Exposed IOCTL with Insufficient Access Control - (782)
Weakness Variant - Function Call With Incorrect Number of Arguments - (685)
Weakness Variant - Function Call With Incorrect Variable or Reference as Argument - (688)
Weakness Variant - Heap-based Buffer Overflow - (122)
Weakness Variant - Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code - (781)
Weakness Variant - Improper Cleanup on Thrown Exception - (460)
Weakness Variant - Improper Clearing of Heap Memory Before Release ('Heap Inspection') - (244)
Weakness Base - Improper Handling of Length Parameter Inconsistency - (130)
Weakness Base - Improper Null Termination - (170)
Weakness Base - Improper Release of Memory Before Removing Last Reference ('Memory Leak') - (401)
Weakness Class - Improper Restriction of Operations within the Bounds of a Memory Buffer - (119)
Weakness Base - Improper Update of Reference Count - (911)
Weakness Base - Improper Validation of Array Index - (129)
Weakness Variant - Incorrect Block Delimitation - (483)
Weakness Base - Incorrect Calculation of Buffer Size - (131)
Weakness Base - Incorrect Calculation of Multi-Byte String Length - (135)
Weakness Base - Incorrect Pointer Scaling - (468)
Weakness Class - Incorrect Type Conversion or Cast - (704)
Category - Integer Coercion Error - (192)
Weakness Base - Integer Underflow (Wrap or Wraparound) - (191)
Weakness Variant - Mismatched Memory Management Routines - (762)
Weakness Variant - Missing Default Case in Switch Statement - (478)
Weakness Base - NULL Pointer Dereference - (476)
Weakness Base - Numeric Range Comparison Without Minimum Check - (839)
Weakness Base - Numeric Truncation Error - (197)
Category - Often Misused: String Management - (251)
Weakness Base - Omitted Break Statement in Switch - (484)
Weakness Variant - Operator Precedence Logic Error - (783)
Weakness Base - Out-of-bounds Read - (125)
Weakness Base - Passing Mutable Objects to an Untrusted Method - (374)
Compound Element: Composite - Permission Race Condition During Resource Copy - (689)
Weakness Variant - Private Array-Typed Field Returned From A Public Method - (495)
Weakness Variant - Public Data Assigned to Private Array-Typed Field - (496)
Weakness Base - Race Condition in Switch - (365)
Weakness Base - Race Condition within a Thread - (366)
Weakness Base - Reliance on Data/Memory Layout - (188)
Weakness Base - Return of Pointer Value Outside of Expected Range - (466)
Weakness Base - Return of Stack Variable Address - (562)
Weakness Base - Returning a Mutable Object to an Untrusted Caller - (375)
Category - Signal Errors - (387)
Weakness Base - Signal Handler Race Condition - (364)
Weakness Variant - Signal Handler Use of a Non-reentrant Function - (479)
Weakness Variant - Signed to Unsigned Conversion Error - (195)
Weakness Variant - Stack-based Buffer Overflow - (121)
Compound Element: Chain - Unchecked Return Value to NULL Pointer Dereference - (690)
Weakness Variant - Uncontrolled Memory Allocation - (789)
Weakness Base - Unexpected Sign Extension - (194)
Weakness Variant - Unsigned to Signed Conversion Error - (196)
Weakness Base - Use After Free - (416)
Weakness Base - Use of Expired File Descriptor - (910)
Weakness Base - Use of Externally-Controlled Format String - (134)
Weakness Base - Use of Function with Inconsistent Implementations - (474)
Weakness Variant - Use of getlogin() in Multithreaded Application - (558)
Weakness Base - Use of Incorrect Operator - (480)
Weakness Base - Use of Inherently Dangerous Function - (242)
Weakness Variant - Use of Path Manipulation Function without Maximum-sized Buffer - (785)
Weakness Base - Use of Pointer Subtraction to Determine Size - (469)
Weakness Base - Use of Potentially Dangerous Function - (676)
Weakness Variant - Use of sizeof() on a Pointer Type - (467)
Weakness Variant - Use of umask() with chmod-style Argument - (560)
Weakness Variant - Use of Uninitialized Variable - (457)
Weakness Base - Wrap-around Error - (128)
Weakness Base - Write-what-where Condition - (123)
Content History
Modifications
Modification Date | Modifier | Organization | Source
2008-09-08 | CWE Content Team | MITRE | Internal
updated Description, Name, View_Filter, View_Structure
Previous Entry Names
Change Date | Previous Entry Name
2008-09-09 | Weaknesses found in the C Language
View Metrics
CWEs in this view / Total CWEs
Total: 81 out of 1006
Views: 0 out of 33
Categories: 3 out of 245
Weaknesses: 76 out of 720
Compound_Elements: 2 out of 8

Page Last Updated: May 05, 2017