CWE - VIEW LIST: CWE-658: Weaknesses found in the C Language (Draft 9)

Home > CWE List > VIEW LIST: CWE-658: Weaknesses found in the C Language (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

(CWE-658)

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

VIEW LIST: CWE-658: Weaknesses found in the C Language (Draft 9)

View ID

Status: Draft

658 (View)

Objective

This view (slice) covers issues that are found in C that are not common to all languages.

View Data

Filter Used: .//Applicable_Platforms/Platform='C'

	CWEs in this view		Total CWEs
Total	63	out of	695
Views	0	out of	14
Categories	2	out of	64
Weaknesses	57	out of	605
Compound_Elements	4	out of	12

Addition of Data Structure Sentinel - (464)

Assigning instead of Comparing - (481)

Assignment of a Fixed Address to a Pointer - (587)

Boundary Beginning Violation ('Buffer Underwrite') - (124)

Buffer Over-read - (126)

Buffer Under-read - (127)

Comparing instead of Assigning - (482)

Declaration of Catch for Generic Exception - (396)

Declaration of Throws for Generic Exception - (397)

Deletion of Data Structure Sentinel - (463)

Double Free - (415)

Duplicate Key in Associative List (Alist) - (462)

Failure to Change Working Directory in chroot Jail - (243)

Failure to Clear Heap Memory Before Release - (244)

Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak') - (401)

Failure to Use Default Case in Switch - (478)

Function Call With Incorrect Number of Arguments - (685)

Function Call With Incorrect Variable or Reference as Argument - (688)

Heap-based Buffer Overflow - (122)

Improper Cleanup on Thrown Exception - (460)

Improper Null Termination - (170)

Incomplete Blacklist to Cross-Site Scripting - (692)

Incorrect Calculation of Buffer Size - (131)

Incorrect Calculation of Multi-Byte String Length - (135)

Incorrect Pointer Scaling - (468)

Incorrect Sign Extension - (194)

Integer Coercion Error - (192)

Integer Underflow (Wrap or Wraparound) - (191)

Miscalculated Null Termination - (132)

Mutable Objects Passed by Reference - (374)

NULL Pointer Dereference - (476)

Numeric Truncation Error - (197)

Often Misused: Path Manipulation - (249)

Often Misused: String Management - (251)

Omitted Break Statement - (484)

Out-of-bounds Read - (125)

Passing Mutable Objects to an Untrusted Method - (375)

Permission Race Condition During Resource Copy - (689)

Private Array-Typed Field Returned From A Public Method - (495)

Public Data Assigned to Private Array-Typed Field - (496)

Race Condition in Switch - (365)

Race Condition within a Thread - (366)

Reliance on Data/Memory Layout - (188)

Return of Pointer Value Outside of Expected Range - (466)

Return of Stack Variable Address - (562)

Signal Errors - (387)

Signal Handler Race Condition - (364)

Signed to Unsigned Conversion Error - (195)

Stack-based Buffer Overflow - (121)

Unbounded Transfer ('Classic Buffer Overflow') - (120)

Uncaught Exception - (248)

Unchecked Array Indexing - (129)

Unchecked Return Value to NULL Pointer Dereference - (690)

Unsafe Function Call from a Signal Handler - (479)

Unsigned to Signed Conversion Error - (196)

Use After Free - (416)

Use of getlogin() in Multithreaded Application - (558)

Use of Inherently Dangerous Function - (242)

Use of Pointer Subtraction to Determine Size - (469)

Use of Potentially Dangerous Function - (676)

Use of sizeof() on a Pointer Type - (467)

Use of umask() with chmod-style Argument - (560)

Write-what-where Condition - (123)

Page Last Updated: April 11, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us