Category: 7PK - Code Quality
Draft
Summary
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained. According to the authors of the Seven Pernicious Kingdoms, "Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an adversary it provides an opportunity to stress the system in unexpected ways."
Membership
| ID | Name | Description |
|---|---|---|
| CWE-401 | Missing Release of Memory after Effective Lifetime | This vulnerability occurs when a program allocates memory but fails to properly release it after it's no longer needed, causing a gradual accumulation of unused memory that can't be reclaimed by the system. |
| CWE-404 | Improper Resource Shutdown or Release | This vulnerability occurs when a program fails to properly close or release a system resource—like a file handle, database connection, or memory block—after it's no longer needed, preventing its reuse. |
| CWE-415 | Double Free | A double free vulnerability occurs when a program mistakenly calls the 'free()' function twice on the same block of memory. |
| CWE-416 | Use After Free | Use After Free happens when a program continues to use a pointer to a memory location after that memory has been freed. This can lead to unpredictable behavior, crashes, or security vulnerabilities because the freed memory may have been reallocated for a different purpose. |
| CWE-457 | Use of Uninitialized Variable | This vulnerability occurs when a program accesses a variable before it has been assigned a value, leading to unpredictable behavior and potential security risks. |
| CWE-474 | Use of Function with Inconsistent Implementations | This vulnerability occurs when code relies on a function whose behavior changes across different operating systems or versions, leading to unpredictable security risks when the software runs in an unexpected environment. |
| CWE-475 | Undefined Behavior for Input to API | This API function exhibits unpredictable or undefined behavior when its control parameter is not set to the exact, required value. |
| CWE-476 | NULL Pointer Dereference | This vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or unexpected behavior. |
| CWE-477 | Use of Obsolete Function | This vulnerability occurs when code relies on deprecated or obsolete functions, indicating outdated practices and insufficient maintenance that can introduce security gaps. |
| CWE-700 | Seven Pernicious Kingdoms | This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.