CWE - VIEW LIST: CWE-658: Weaknesses in Software Written in C (1.6)

Home > CWE List > VIEW LIST: CWE-658: Weaknesses in Software Written in C (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-658: Weaknesses in Software Written in C

Weaknesses in Software Written in C

Definition in a New Window

View ID: 658 (View: Implicit Slice)

Status: Draft

View Data

View Objective

This view (slice) covers issues that are found in C programs that are not common to all languages.

View Filter: .//Applicable_Platforms//@Language_Name='C'

View Metrics

	CWEs in this view		Total CWEs
Total	74	out of	791
Views	0	out of	22
Categories	3	out of	106
Weaknesses	67	out of	651
Compound_Elements	4	out of	12

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Description, Name, View Filter, View Structure

Weakness Base Addition of Data Structure Sentinel - (464)

Weakness Variant Assigning instead of Comparing - (481)

Weakness Base Assignment of a Fixed Address to a Pointer - (587)

Compound Element: Composite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)

Weakness Variant Buffer Over-read - (126)

Weakness Variant Buffer Under-read - (127)

Weakness Base Buffer Underwrite ('Buffer Underflow') - (124)

Weakness Variant Comparing instead of Assigning - (482)

Weakness Base Compiler Optimization Removal or Modification of Security-critical Code - (733)

Weakness Base Compiler Removal of Code to Clear Buffers - (14)

Weakness Base Deletion of Data Structure Sentinel - (463)

Weakness Variant Double Free - (415)

Weakness Base Duplicate Key in Associative List (Alist) - (462)

Weakness Variant Exposed IOCTL with Insufficient Access Control - (782)

Weakness Variant Failure to Change Working Directory in chroot Jail - (243)

Weakness Variant Failure to Clear Heap Memory Before Release ('Heap Inspection') - (244)

Weakness Class Failure to Constrain Operations within the Bounds of a Memory Buffer - (119)

Weakness Base Failure to Release Memory Before Removing Last Reference ('Memory Leak') - (401)

Weakness Variant Function Call With Incorrect Number of Arguments - (685)

Weakness Variant Function Call With Incorrect Variable or Reference as Argument - (688)

Weakness Variant Heap-based Buffer Overflow - (122)

Weakness Variant Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code - (781)

Weakness Variant Improper Cleanup on Thrown Exception - (460)

Weakness Base Improper Handling of Length Parameter Inconsistency - (130)

Weakness Base Improper Null Termination - (170)

Weakness Base Improper Validation of Array Index - (129)

Compound Element: Chain Incomplete Blacklist to Cross-Site Scripting - (692)

Weakness Variant Incorrect Block Delimitation - (483)

Weakness Base Incorrect Calculation of Buffer Size - (131)

Weakness Base Incorrect Calculation of Multi-Byte String Length - (135)

Weakness Base Incorrect Pointer Scaling - (468)

Weakness Class Incorrect Type Conversion or Cast - (704)

Category Integer Coercion Error - (192)

Weakness Base Integer Underflow (Wrap or Wraparound) - (191)

Weakness Variant Missing Default Case in Switch Statement - (478)

Weakness Base Mutable Objects Passed by Reference - (374)

Weakness Base NULL Pointer Dereference - (476)

Weakness Base Numeric Truncation Error - (197)

Category Often Misused: String Management - (251)

Weakness Base Omitted Break Statement in Switch - (484)

Weakness Variant Operator Precedence Logic Error - (783)

Weakness Base Out-of-bounds Read - (125)

Weakness Base Passing Mutable Objects to an Untrusted Method - (375)

Compound Element: Composite Permission Race Condition During Resource Copy - (689)

Weakness Variant Private Array-Typed Field Returned From A Public Method - (495)

Weakness Variant Public Data Assigned to Private Array-Typed Field - (496)

Weakness Base Race Condition in Switch - (365)

Weakness Base Race Condition within a Thread - (366)

Weakness Base Reliance on Data/Memory Layout - (188)

Weakness Base Return of Pointer Value Outside of Expected Range - (466)

Weakness Base Return of Stack Variable Address - (562)

Category Signal Errors - (387)

Weakness Base Signal Handler Race Condition - (364)

Weakness Variant Signed to Unsigned Conversion Error - (195)

Weakness Variant Stack-based Buffer Overflow - (121)

Compound Element: Chain Unchecked Return Value to NULL Pointer Dereference - (690)

Weakness Base Uncontrolled Format String - (134)

Weakness Variant Uncontrolled Memory Allocation - (789)

Weakness Base Unexpected Sign Extension - (194)

Weakness Variant Unsafe Function Call from a Signal Handler - (479)

Weakness Variant Unsigned to Signed Conversion Error - (196)

Weakness Base Use After Free - (416)

Weakness Base Use of Function with Inconsistent Implementations - (474)

Weakness Variant Use of getlogin() in Multithreaded Application - (558)

Weakness Base Use of Incorrect Operator - (480)

Weakness Base Use of Inherently Dangerous Function - (242)

Weakness Variant Use of Path Manipulation Function without Maximum-sized Buffer - (785)

Weakness Base Use of Pointer Subtraction to Determine Size - (469)

Weakness Base Use of Potentially Dangerous Function - (676)

Weakness Variant Use of sizeof() on a Pointer Type - (467)

Weakness Variant Use of umask() with chmod-style Argument - (560)

Weakness Variant Use of Uninitialized Variable - (457)

Weakness Base Wrap-around Error - (128)

Weakness Base Write-what-where Condition - (123)

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us