Category: Type Errors
Draft
Summary
Weaknesses in this category are caused by improper data type transformation or improper handling of multiple data types.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1287 | Improper Validation of Specified Type of Input | This vulnerability occurs when software expects a specific type of data as input but fails to properly check that the incoming data actually matches that type. |
| CWE-681 | Incorrect Conversion between Numeric Types | This vulnerability occurs when a program converts a value from one numeric type to another (like a 64-bit integer to a 32-bit integer) and the conversion loses or misinterprets data. If these corrupted values are later used in security-critical operations—like calculating buffer sizes, checking permissions, or performing financial transactions—they can lead to crashes, incorrect behavior, or security bypasses. |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | Type confusion occurs when a program creates a resource—like a pointer, object, or variable—with one data type, but later incorrectly accesses it as a different, incompatible type. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.