CWE - CWE-709: Named Chains (2.11)

View ID: 709

Structure: Graph

Status: Incomplete

Presentation Filter:

View Data

View Objective

This view (graph) displays Named Chains and their components.

View Filter: .//@Compound_Element_Structure='Chain'

Relationships

Show Details:

Expand All | Collapse All

709 - Named Chains

Compound Element: ChainInteger Overflow to Buffer Overflow - (680)

680 (Integer Overflow to Buffer Overflow)

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Compound Element: ChainUnchecked Return Value to NULL Pointer Dereference - (690)

690 (Unchecked Return Value to NULL Pointer Dereference)

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

Compound Element: ChainIncomplete Blacklist to Cross-Site Scripting - (692)

692 (Incomplete Blacklist to Cross-Site Scripting)

The product uses a blacklist-based protection mechanism to defend against XSS attacks, but the blacklist is incomplete, allowing XSS variants to succeed.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2008-09-09		MITRE	Internal CWE Team
2008-09-09

View Metrics

	CWEs in this view		Total CWEs
Total	3	out of	1006
Views	0	out of	33
Categories	0	out of	245
Weaknesses	0	out of	720
Compound_Elements	3	out of	8

Common Weakness Enumeration

CWE VIEW: Named Chains


	Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org. CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2017, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.	Privacy policy Terms of use Contact us