Category: Comprehensive Categorization: Memory Safety
Incomplete
Summary
Weaknesses in this category are related to memory safety.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | This vulnerability occurs when software accesses a memory buffer but reads from or writes to a location outside its allocated boundary. This can corrupt adjacent data, crash the program, or allow attackers to execute arbitrary code. |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | This vulnerability occurs when a program copies data from one memory location to another without first verifying that the source data will fit within the destination buffer's allocated space. |
| CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow occurs when a program writes more data to a buffer located on the call stack than it can hold, corrupting adjacent memory and potentially hijacking the program's execution flow. |
| CWE-122 | Heap-based Buffer Overflow | A heap-based buffer overflow occurs when a program writes more data to a memory buffer allocated in the heap than it can hold, corrupting adjacent memory structures. This typically involves buffers created with functions like malloc(), calloc(), or realloc(). |
| CWE-123 | Write-what-where Condition | A write-what-where condition occurs when an attacker can control both the data written and the exact memory location where it's written, often due to a severe memory corruption flaw like a buffer overflow. |
| CWE-124 | Buffer Underwrite ('Buffer Underflow') | A buffer underwrite, also known as buffer underflow, happens when a program writes data to a memory location before the official start of a buffer. |
| CWE-125 | Out-of-bounds Read | An out-of-bounds read occurs when software accesses memory outside the boundaries of a buffer, array, or similar data structure, reading data it wasn't intended to see. |
| CWE-126 | Buffer Over-read | This vulnerability occurs when a program reads data from a memory buffer using an index or pointer that points beyond the buffer's allocated boundary, accessing unintended memory locations. |
| CWE-127 | Buffer Under-read | A buffer under-read occurs when a program attempts to read data from a memory location positioned before the start of an allocated buffer. |
| CWE-129 | Improper Validation of Array Index | This vulnerability occurs when software uses unverified, external input to calculate or access an array index, without properly checking that the index points to a valid location within the array's bounds. |
| CWE-131 | Incorrect Calculation of Buffer Size | This vulnerability occurs when a program miscalculates the amount of memory needed for a buffer, potentially leading to a buffer overflow that can crash the software or allow attackers to execute malicious code. |
| CWE-134 | Use of Externally-Controlled Format String | This vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a file) in a formatting function (e.g., printf, sprintf). An attacker can craft a malicious format string to read or write memory, potentially crashing the application or executing arbitrary code. |
| CWE-188 | Reliance on Data/Memory Layout | This vulnerability occurs when software incorrectly assumes how data is structured in memory or within network packets, leading to unexpected behavior when those underlying layouts change. |
| CWE-198 | Use of Incorrect Byte Ordering | This vulnerability occurs when software processes data from another system without considering byte order (endianness), such as big-endian or little-endian. This mismatch can cause the program to misinterpret numbers or values, leading to incorrect calculations, crashes, or security flaws. |
| CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Using realloc() to resize buffers containing secrets like passwords or keys can leave that sensitive data exposed in memory, as the original data is not securely erased. |
| CWE-401 | Missing Release of Memory after Effective Lifetime | This vulnerability occurs when a program allocates memory but fails to properly release it after it's no longer needed, causing a gradual accumulation of unused memory that can't be reclaimed by the system. |
| CWE-415 | Double Free | A double free vulnerability occurs when a program mistakenly calls the 'free()' function twice on the same block of memory. |
| CWE-416 | Use After Free | Use After Free happens when a program continues to use a pointer to a memory location after that memory has been freed. This can lead to unpredictable behavior, crashes, or security vulnerabilities because the freed memory may have been reallocated for a different purpose. |
| CWE-466 | Return of Pointer Value Outside of Expected Range | This vulnerability occurs when a function returns a memory pointer that points outside the expected buffer range, potentially exposing unrelated memory or causing crashes. |
| CWE-562 | Return of Stack Variable Address | This vulnerability occurs when a function returns a pointer to its own local variable. Since that variable's memory is on the stack, the pointer becomes invalid as soon as the function finishes, leading to crashes or unpredictable behavior. |
| CWE-587 | Assignment of a Fixed Address to a Pointer | This vulnerability occurs when code explicitly assigns a hardcoded memory address to a pointer, instead of using a dynamic or null value. |
| CWE-590 | Free of Memory not on the Heap | This vulnerability occurs when a program calls free() on a memory pointer that wasn't originally allocated using standard heap functions like malloc(), calloc(), or realloc(). |
| CWE-680 | Integer Overflow to Buffer Overflow | This vulnerability occurs when a program calculates the size of memory to allocate, but an integer overflow in that calculation results in a much smaller buffer being created than intended. This undersized buffer can then be overflowed by subsequent operations, corrupting adjacent memory. |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference | This vulnerability occurs when a program calls a function that can return a NULL pointer to signal failure, but the code does not check for this error condition before using the returned value, leading to a crash or unexpected behavior from dereferencing the NULL pointer. |
| CWE-761 | Free of Pointer not at Start of Buffer | This vulnerability occurs when a program incorrectly frees a memory pointer that no longer points to the beginning of the allocated heap buffer, often due to pointer arithmetic. |
| CWE-762 | Mismatched Memory Management Routines | This vulnerability occurs when a program uses incompatible functions to allocate and free memory. For example, freeing memory with a function that doesn't match the one used to create it, like mixing different memory management systems. |
| CWE-763 | Release of Invalid Pointer or Reference | This vulnerability occurs when a program tries to free a memory resource back to the system but uses an incorrect deallocation method or calls the correct method improperly. |
| CWE-786 | Access of Memory Location Before Start of Buffer | This vulnerability occurs when software attempts to read from or write to a memory location positioned before the official start of a buffer. |
| CWE-787 | Out-of-bounds Write | This vulnerability occurs when software incorrectly writes data outside the boundaries of its allocated memory buffer, either beyond the end or before the beginning. |
| CWE-788 | Access of Memory Location After End of Buffer | This vulnerability occurs when software attempts to read from or write to a memory buffer using an index or pointer that points past the buffer's allocated boundary. |
| CWE-789 | Memory Allocation with Excessive Size Value | This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability. |
| CWE-805 | Buffer Access with Incorrect Length Value | This vulnerability occurs when software reads from or writes to a buffer using a loop or sequential operation, but mistakenly calculates or provides an incorrect length value. This incorrect length causes the operation to access memory outside the buffer's allocated boundaries. |
| CWE-806 | Buffer Access Using Size of Source Buffer | This vulnerability occurs when a program uses the size of the source data buffer to control reading or writing to a smaller destination buffer, potentially accessing memory outside the destination's allocated bounds. |
| CWE-822 | Untrusted Pointer Dereference | This vulnerability occurs when software takes a value from an untrusted source, treats it as a memory address (a pointer), and then accesses that memory location directly for reading or writing. |
| CWE-823 | Use of Out-of-range Pointer Offset | This vulnerability occurs when a program calculates a new memory address using a valid pointer and an offset, but the resulting address points outside the intended, safe memory region, such as beyond the bounds of an array or structure. |
| CWE-824 | Access of Uninitialized Pointer | This vulnerability occurs when a program tries to use a pointer variable before it has been assigned a valid memory address. |
| CWE-825 | Expired Pointer Dereference | This vulnerability occurs when a program tries to use a pointer that still points to a memory location that has already been freed or released. |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].
Comment:
See member weaknesses of this category.