Weaknesses in this category are related to improper management of system state.
| ID | Name | Description |
|---|---|---|
| CWE-1265 | Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls | This vulnerability occurs when a non-reentrant function is called, and during its execution, another call is triggered that unexpectedly re-enters the same non-reentrant code path, corrupting its internal state. |
| CWE-15 | External Control of System or Configuration Setting | This vulnerability occurs when an application allows users to directly modify critical system settings or configuration values from an external source. |
| CWE-372 | Incomplete Internal State Distinction | This vulnerability occurs when an application fails to accurately track its own operational state. The system incorrectly assumes it's in one mode or condition when it's actually in another, leading to security-critical actions being performed with the wrong assumptions. |
| CWE-374 | Passing Mutable Objects to an Untrusted Method | This vulnerability occurs when a caller hands a method it does not trust a direct reference to its own mutable data, such as an object or array, instead of a defensive copy. The callee can then alter the caller's state, and the caller keeps using that state as if it were unchanged. |
| CWE-375 | Returning a Mutable Object to an Untrusted Caller | This vulnerability occurs when a method directly returns a reference to its internal mutable data, allowing untrusted calling code to modify that data unexpectedly. |
| CWE-699 | Software Development | Not a weakness but the view under which this category is organized. This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
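The pair CWE-374 and CWE-375 are the two directions of the same mistake: a mutable object crosses a trust boundary by reference. The following Python example is added here to make that concrete; it is not from the CWE catalog. The class names `VulnerableAllowList` and `HardenedAllowList`, the `untrusted_hook` plugin and the `demo` driver are all hypothetical. The vulnerable class leaks its internal list both as a return value (CWE-375) and as an argument to an untrusted hook (CWE-374); the hardened class hands out immutable snapshots instead.

```python
"""Added example: CWE-374 / CWE-375 (mutable data crossing a trust boundary).

A hypothetical AllowList holds the principals permitted to call an admin
endpoint. The vulnerable variant returns and passes its internal list by
reference; the hardened variant passes tuples, which cannot be mutated.
"""
from typing import Callable, Iterable


class VulnerableAllowList:
    """Leaks references to its own mutable state."""

    def __init__(self, principals: Iterable[str]) -> None:
        self._principals = list(principals)

    def principals(self) -> list:
        # CWE-375: the caller receives the real list, not a copy.
        return self._principals

    def audit(self, hook: Callable[[list], None]) -> None:
        # CWE-374: the untrusted hook receives the live list and may mutate it.
        hook(self._principals)

    def is_allowed(self, who: str) -> bool:
        return who in self._principals


class HardenedAllowList:
    """Never exposes a reference to its own mutable state."""

    def __init__(self, principals: Iterable[str]) -> None:
        self._principals = list(principals)

    def principals(self) -> tuple:
        # Return an immutable snapshot; attempting to mutate it fails loudly.
        return tuple(self._principals)

    def audit(self, hook: Callable[[tuple], None]) -> None:
        # Pass a snapshot, so the hook cannot reach the internal list.
        hook(tuple(self._principals))

    def is_allowed(self, who: str) -> bool:
        return who in self._principals


def untrusted_hook(entries) -> None:
    """Hypothetical plugin that abuses whatever reference it is given."""
    try:
        entries.append("attacker")
    except AttributeError:
        pass  # tuple has no append(); the hardened object stops the tampering


def demo(cls):
    """Drive both tampering paths against an instance of cls.

    Returns (mallory_allowed, attacker_allowed): True means the internal
    allow-list was altered from outside the object.
    """
    acl = cls(["alice", "bob"])
    # Caller tampers through the returned object (CWE-375 path).
    returned = acl.principals()
    try:
        returned.append("mallory")
    except AttributeError:
        pass
    # Callee tampers through the argument it was handed (CWE-374 path).
    acl.audit(untrusted_hook)
    return acl.is_allowed("mallory"), acl.is_allowed("attacker")


if __name__ == "__main__":
    print("vulnerable:", demo(VulnerableAllowList))  # (True, True)
    print("hardened:  ", demo(HardenedAllowList))    # (False, False)
```

The hardened class pays an allocation per call; where the collection is large, a read-only view (for example `types.MappingProxyType` over a dict) gives the same guarantee without copying, as long as the view itself does not expose the underlying container.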
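CWE-1265 is easiest to see with a callback that re-enters the function that invoked it. The Python example below is added here for illustration and is not from the CWE catalog; `VulnerableWallet`, `HardenedWallet` and `run_attack` are hypothetical names. The vulnerable `withdraw` calls an untrusted payout callback before it updates the balance, so a nested `withdraw` sees the stale balance and passes the check a second time. The hardened version applies the state change before the external call and additionally rejects nested entry with an explicit guard.

```python
"""Added example: CWE-1265 (unintended reentrant invocation via a callback).

Both wallets call an untrusted `on_payout` callback as part of withdraw().
The callback in run_attack() re-enters withdraw() once; only the hardened
wallet survives that.
"""
from typing import Callable


class VulnerableWallet:
    """Check, then interact, then update: the classic reentrancy ordering."""

    def __init__(self, balance: int) -> None:
        self.balance = balance

    def withdraw(self, amount: int, on_payout: Callable[[int], None]) -> None:
        if amount > self.balance:
            raise ValueError("insufficient funds")
        # BUG: external code runs while self.balance still holds the old value,
        # so a nested withdraw() passes the check above again.
        on_payout(amount)
        self.balance -= amount


class HardenedWallet:
    """Update state before the external call, and refuse nested entry."""

    def __init__(self, balance: int) -> None:
        self.balance = balance
        self._in_withdraw = False  # reentrancy guard for this non-reentrant path

    def withdraw(self, amount: int, on_payout: Callable[[int], None]) -> None:
        if self._in_withdraw:
            raise RuntimeError("reentrant withdraw rejected")
        self._in_withdraw = True
        try:
            if amount > self.balance:
                raise ValueError("insufficient funds")
            self.balance -= amount  # effect first ...
            on_payout(amount)       # ... interaction last
        finally:
            self._in_withdraw = False


def run_attack(wallet_cls) -> tuple:
    """Run a single reentrant payout callback against a 100-unit wallet.

    Returns (final_balance, total_paid_out).
    """
    wallet = wallet_cls(100)
    paid = []

    def malicious_payout(amount: int) -> None:
        paid.append(amount)
        if len(paid) == 1:
            # Re-enter once from inside the callback.
            try:
                wallet.withdraw(amount, malicious_payout)
            except (RuntimeError, ValueError):
                pass  # the hardened wallet's guard lands here

    wallet.withdraw(100, malicious_payout)
    return wallet.balance, sum(paid)


if __name__ == "__main__":
    print("vulnerable:", run_attack(VulnerableWallet))  # (-100, 200)
    print("hardened:  ", run_attack(HardenedWallet))    # (0, 100)
```

The guard flag matters even with the correct ordering: it turns any future regression (someone adding a second callback before the state update) into a loud failure rather than a silent double spend. In multi-threaded code the same flag needs to be a lock, since a plain attribute is not atomic.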