Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.11)

CWE VIEW: Named Chains

View ID: 709
Structure: Graph
Status: Incomplete

View Objective

This view (graph) displays Named Chains and their components.

View Filter: .//@Compound_Element_Structure='Chain'

Relationships
709 - Named Chains
Compound Element: Chain - 680 (Integer Overflow to Buffer Overflow)
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
Compound Element: Chain - 690 (Unchecked Return Value to NULL Pointer Dereference)
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
Compound Element: Chain - 692 (Incomplete Blacklist to Cross-Site Scripting)
The product uses a blacklist-based protection mechanism to defend against XSS attacks, but the blacklist is incomplete, allowing XSS variants to succeed.

Content History

Submission Date: 2008-09-09
Organization: MITRE
Source: Internal CWE Team

View Metrics (CWEs in this view out of total CWEs)

Total: 3 out of 1006
Views: 0 out of 33
Categories: 0 out of 245
Weaknesses: 0 out of 720
Compound_Elements: 3 out of 8

Page Last Updated: May 05, 2017