CWE - CWE-743: CERT C Secure Coding Section 09

Home > CWE List > CWE- Individual Dictionary Definition (2.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives
Contact Us

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Search the Site

CWE-743: CERT C Secure Coding Section 09 - Input Output (FIO)

CERT C Secure Coding Section 09 - Input Output (FIO)

Category ID: 743 (Category)

Status: Incomplete

Description

Description Summary

Weaknesses in this category are related to rules in the input/output section of the CERT C Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ParentOf	Weakness Class	22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	37	Path Traversal: '/absolute/pathname/here'	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	38	Path Traversal: '\absolute\pathname\here'	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	39	Path Traversal: 'C:dirname'	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	41	Improper Resolution of Path Equivalence	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	59	Improper Link Resolution Before File Access ('Link Following')	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	62	UNIX Hard Link	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	64	Windows Shortcut Following (.LNK)	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	65	Windows Hard Link	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	67	Improper Handling of Windows Device Names	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Class	119	Improper Restriction of Operations within the Bounds of a Memory Buffer	Weaknesses Addressed by the CERT C Secure Coding Standard734
ParentOf	Weakness Base	134	Uncontrolled Format String	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	241	Improper Handling of Unexpected Data Type	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	276	Incorrect Default Permissions	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Variant	279	Incorrect Execution-Assigned Permissions	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Class	362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	367	Time-of-check Time-of-use (TOCTOU) Race Condition	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	379	Creation of Temporary File in Directory with Incorrect Permissions	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	391	Unchecked Error Condition	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	403	Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	404	Improper Resource Shutdown or Release	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	552	Files or Directories Accessible to External Parties	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Class	675	Duplicate Operations on Resource	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOf	Weakness Base	676	Use of Potentially Dangerous Function	Weaknesses Addressed by the CERT C Secure Coding Standard734
ParentOf	Weakness Variant	686	Function Call With Incorrect Argument Type	Weaknesses Addressed by the CERT C Secure Coding Standard734
ParentOf	Weakness Class	732	Incorrect Permission Assignment for Critical Resource	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
MemberOf	View	734	Weaknesses Addressed by the CERT C Secure Coding Standard	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734

References

CERT. "09. Input Output (FIO)". <https://www.securecoding.cert.org/confluence/display/seccode/09.+Input+Output+%28FIO%29>.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2008-11-24			Internal CWE Team
2008-11-24
Modifications
Modification Date	Modifier	Organization	Source
2011-09-13	CWE Content Team	MITRE	Internal
2011-09-13	updated Relationships

Page Last Updated: February 20, 2013


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us