CWE VIEW: Weaknesses in Software Written in C++

View ID: 659
Type: Implicit
Status: Draft
+ Objective
This view (slice) covers issues that are found in C++ programs that are not common to all languages.
+ Filter
+ Membership
Nature     Type     ID   Name
HasMember  Base     14   Compiler Removal of Code to Clear Buffers
HasMember  Class    119  Improper Restriction of Operations within the Bounds of a Memory Buffer
HasMember  Base     120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
HasMember  Variant  121  Stack-based Buffer Overflow
HasMember  Variant  122  Heap-based Buffer Overflow
HasMember  Base     123  Write-what-where Condition
HasMember  Base     124  Buffer Underwrite ('Buffer Underflow')
HasMember  Base     125  Out-of-bounds Read
HasMember  Variant  126  Buffer Over-read
HasMember  Variant  127  Buffer Under-read
HasMember  Base     128  Wrap-around Error
HasMember  Base     129  Improper Validation of Array Index
HasMember  Base     130  Improper Handling of Length Parameter Inconsistency
HasMember  Base     131  Incorrect Calculation of Buffer Size
HasMember  Base     134  Use of Externally-Controlled Format String
HasMember  Base     135  Incorrect Calculation of Multi-Byte String Length
HasMember  Base     170  Improper Null Termination
HasMember  Base     188  Reliance on Data/Memory Layout
HasMember  Base     191  Integer Underflow (Wrap or Wraparound)
HasMember  Class    192  Integer Coercion Error
HasMember  Base     194  Unexpected Sign Extension
HasMember  Variant  195  Signed to Unsigned Conversion Error
HasMember  Variant  196  Unsigned to Signed Conversion Error
HasMember  Base     197  Numeric Truncation Error
HasMember  Base     242  Use of Inherently Dangerous Function
HasMember  Variant  243  Creation of chroot Jail Without Changing Working Directory
HasMember  Variant  244  Improper Clearing of Heap Memory Before Release ('Heap Inspection')
HasMember  Base     248  Uncaught Exception
HasMember  Class    362  Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HasMember  Base     364  Signal Handler Race Condition
HasMember  Base     365  Race Condition in Switch
HasMember  Base     366  Race Condition within a Thread
HasMember  Base     374  Passing Mutable Objects to an Untrusted Method
HasMember  Base     375  Returning a Mutable Object to an Untrusted Caller
HasMember  Base     396  Declaration of Catch for Generic Exception
HasMember  Base     397  Declaration of Throws for Generic Exception
HasMember  Base     401  Improper Release of Memory Before Removing Last Reference ('Memory Leak')
HasMember  Variant  415  Double Free
HasMember  Base     416  Use After Free
HasMember  Variant  457  Use of Uninitialized Variable
HasMember  Variant  460  Improper Cleanup on Thrown Exception
HasMember  Base     462  Duplicate Key in Associative List (Alist)
HasMember  Base     463  Deletion of Data Structure Sentinel
HasMember  Base     464  Addition of Data Structure Sentinel
HasMember  Base     466  Return of Pointer Value Outside of Expected Range
HasMember  Variant  467  Use of sizeof() on a Pointer Type
HasMember  Base     468  Incorrect Pointer Scaling
HasMember  Base     469  Use of Pointer Subtraction to Determine Size
HasMember  Base     476  NULL Pointer Dereference
HasMember  Variant  478  Missing Default Case in Switch Statement
HasMember  Variant  479  Signal Handler Use of a Non-reentrant Function
HasMember  Base     480  Use of Incorrect Operator
HasMember  Variant  481  Assigning instead of Comparing
HasMember  Variant  482  Comparing instead of Assigning
HasMember  Variant  483  Incorrect Block Delimitation
HasMember  Base     484  Omitted Break Statement in Switch
HasMember  Variant  493  Critical Public Variable Without Final Modifier
HasMember  Variant  495  Private Array-Typed Field Returned From A Public Method
HasMember  Variant  496  Public Data Assigned to Private Array-Typed Field
HasMember  Variant  498  Cloneable Class Containing Sensitive Information
HasMember  Variant  500  Public Static Field Not Marked Final
HasMember  Variant  543  Use of Singleton Pattern Without Synchronization in a Multithreaded Context
HasMember  Variant  558  Use of getlogin() in Multithreaded Application
HasMember  Base     562  Return of Stack Variable Address
HasMember  Base     587  Assignment of a Fixed Address to a Pointer
HasMember  Base     676  Use of Potentially Dangerous Function
HasMember  Chain    690  Unchecked Return Value to NULL Pointer Dereference
HasMember  Class    704  Incorrect Type Conversion or Cast
HasMember  Base     733  Compiler Optimization Removal or Modification of Security-critical Code
HasMember  Variant  762  Mismatched Memory Management Routines
HasMember  Variant  766  Critical Variable Declared Public
HasMember  Variant  767  Access to Critical Private Variable via Public Method
HasMember  Variant  781  Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
HasMember  Variant  782  Exposed IOCTL with Insufficient Access Control
HasMember  Variant  783  Operator Precedence Logic Error
HasMember  Variant  785  Use of Path Manipulation Function without Maximum-sized Buffer
HasMember  Variant  789  Uncontrolled Memory Allocation
HasMember  Base     805  Buffer Access with Incorrect Length Value
HasMember  Variant  806  Buffer Access Using Size of Source Buffer
HasMember  Base     839  Numeric Range Comparison Without Minimum Check
HasMember  Base     843  Access of Resource Using Incompatible Type ('Type Confusion')
HasMember  Base     910  Use of Expired File Descriptor
HasMember  Base     911  Improper Update of Reference Count
+ View Metrics
            CWEs in this view  Total CWEs
Weaknesses  83                 out of 714
Categories  0                  out of 237
Views       0                  out of 31
Total       83                 out of 982
