CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.0)  
ID

CWE CATEGORY: CERT C Secure Coding (2008 Version) Section 10 - Environment (ENV)

Category ID: 744
Status: Incomplete
+ Summary
Weaknesses in this category are related to rules in the environment section of the CERT C Secure Coding Standard, as published in 2008. Since not all rules map to specific weaknesses, this category may be incomplete.
+ Notes

Relationship

In the 2008 version of the CERT C Secure Coding standard, the following rules were mapped to the following CWE IDs:

  • CWE-78 ENV03-C Sanitize the environment when invoking external programs
  • CWE-78 ENV04-C Do not call system() if you do not need a command processor
  • CWE-88 ENV03-C Sanitize the environment when invoking external programs
  • CWE-88 ENV04-C Do not call system() if you do not need a command processor
  • CWE-119 ENV01-C Do not make assumptions about the size of an environment variable
  • CWE-426 ENV03-C Sanitize the environment when invoking external programs
  • CWE-462 ENV02-C Beware of multiple environment variables with the same effective name
  • CWE-705 ENV32-C All atexit handlers must return normally
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2008-11-24CWE Content TeamMITRE
Modifications
Modification DateModifierOrganizationSource
2017-11-08CWE Content TeamMITRE
updated Description, Name, Relationship_Notes
Previous Entry Names
Change DatePrevious Entry Name
2017-11-08CERT C Secure Coding Section 10 - Environment (ENV)

More information is available — Please select a different filter.
Page Last Updated: November 15, 2017