Category: SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR)
Stable
Summary
Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) section of the SEI CERT C Coding Standard.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | This vulnerability occurs when software accesses a memory buffer but reads from or writes to a location outside its allocated boundary. This can corrupt adjacent data, crash the program, or allow attackers to execute arbitrary code. |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | This vulnerability occurs when a program copies data from one memory location to another without first verifying that the source data will fit within the destination buffer's allocated space. |
| CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow occurs when a program writes more data to a buffer located on the call stack than it can hold, corrupting adjacent memory and potentially hijacking the program's execution flow. |
| CWE-122 | Heap-based Buffer Overflow | A heap-based buffer overflow occurs when a program writes more data to a memory buffer allocated in the heap than it can hold, corrupting adjacent memory structures. This typically involves buffers created with functions like malloc(), calloc(), or realloc(). |
| CWE-123 | Write-what-where Condition | A write-what-where condition occurs when an attacker can control both the data written and the exact memory location where it's written, often due to a severe memory corruption flaw like a buffer overflow. |
| CWE-125 | Out-of-bounds Read | An out-of-bounds read occurs when software accesses memory outside the boundaries of a buffer, array, or similar data structure, reading data it wasn't intended to see. |
| CWE-170 | Improper Null Termination | This weakness occurs when software fails to properly end a string or array with the required null character or equivalent terminator. |
| CWE-676 | Use of Potentially Dangerous Function | This vulnerability occurs when code calls a function that can be dangerous if misused, but can also be used safely with proper precautions. The risk lies not in the function itself, but in how it's implemented. |
| CWE-704 | Incorrect Type Conversion or Cast | This vulnerability occurs when software incorrectly changes data from one type to another, leading to unexpected behavior or security flaws. |
| CWE-1154 | Weaknesses Addressed by the SEI CERT C Coding Standard | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT C Coding Standard. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.