Category: SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)

Status: Stable

Summary

Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) section of the SEI CERT C Coding Standard.

Membership
ID | Name | Description
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | This vulnerability occurs when software accesses a memory buffer but reads from or writes to a location outside its allocated boundary. This can corrupt adjacent data, crash the program, or allow attackers to execute arbitrary code.
CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow occurs when a program writes more data to a buffer located on the call stack than it can hold, corrupting adjacent memory and potentially hijacking the program's execution flow.
CWE-123 | Write-what-where Condition | A write-what-where condition occurs when an attacker can control both the data written and the exact memory location where it is written, often due to a severe memory corruption flaw such as a buffer overflow.
CWE-125 | Out-of-bounds Read | An out-of-bounds read occurs when software accesses memory outside the boundaries of a buffer, array, or similar data structure, reading data it was not intended to see.
CWE-129 | Improper Validation of Array Index | This vulnerability occurs when software uses unverified, external input to calculate or access an array index without properly checking that the index points to a valid location within the array's bounds.
CWE-468 | Incorrect Pointer Scaling | This vulnerability occurs when a programmer incorrectly accounts for pointer arithmetic in C or C++, causing the program to access unintended memory locations. The core issue is forgetting that adding an integer to a pointer automatically scales that integer by the size of the data type the pointer points to.
CWE-469 | Use of Pointer Subtraction to Determine Size | This vulnerability occurs when a program calculates a size or offset by subtracting two memory pointers, but the pointers point to locations in different memory blocks, leading to an incorrect and potentially dangerous result.
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | This weakness occurs when software depends on specific behaviors of an API, data structure, or system component that are not formally guaranteed by its specification. The code assumes these behaviors will always work a certain way, but they might change or fail under different conditions.
CWE-786 | Access of Memory Location Before Start of Buffer | This vulnerability occurs when software attempts to read from or write to a memory location positioned before the official start of a buffer.
CWE-805 | Buffer Access with Incorrect Length Value | This vulnerability occurs when software reads from or writes to a buffer using a loop or sequential operation, but mistakenly calculates or provides an incorrect length value. This incorrect length causes the operation to access memory outside the buffer's allocated boundaries.
CWE-1154 | Weaknesses Addressed by the SEI CERT C Coding Standard | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects the current rules and recommendations of the SEI CERT C Coding Standard.
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.