CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > CWE- Individual Dictionary Definition (4.2)  
ID

CWE CATEGORY: Often Misused: String Management

Category ID: 251
Status: Incomplete
+ Summary
Functions that manipulate strings encourage buffer overflows.
+ Membership
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.2277PK - API Abuse
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.974SFP Secondary Cluster: Incorrect Buffer Length Computation
+ References
[REF-6] Katrina Tsipenyuk, Brian Chess and Gary McGraw. "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors". NIST Workshop on Software Security Assurance Tools Techniques and Metrics. NIST. 2005-11-07. <https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf>.
+ Content History
+ Submissions
Submission DateSubmitterOrganization
2006-07-197 Pernicious Kingdoms
+ Modifications
Modification DateModifierOrganization
2008-08-01KDM Analytics
added/updated white box definitions
2008-09-08CWE Content TeamMITRE
updated Applicable_Platforms, Relationships, Taxonomy_Mappings
2017-11-08CWE Content TeamMITRE
updated Affected_Resources, Applicable_Platforms, Demonstrative_Examples, Relationships, White_Box_Definitions
2020-02-24CWE Content TeamMITRE
updated Relationships, Taxonomy_Mappings
2020-06-25CWE Content TeamMITRE
updated References
More information is available — Please select a different filter.
Page Last Updated: June 25, 2020