View: Weaknesses in Software Written in C
Draft
Type: Implicit
Objective
This view (slice) covers issues that are found in C programs that are not common to all languages.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | This vulnerability occurs when software accesses a memory buffer but reads from or writes to a location outside its allocated boundary. This can corrupt adjacent data, crash the program, or allow attackers to execute arbitrary code. |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | This vulnerability occurs when a program copies data from one memory location to another without first verifying that the source data will fit within the destination buffer's allocated space. |
| CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow occurs when a program writes more data to a buffer located on the call stack than it can hold, corrupting adjacent memory and potentially hijacking the program's execution flow. |
| CWE-122 | Heap-based Buffer Overflow | A heap-based buffer overflow occurs when a program writes more data to a memory buffer allocated in the heap than it can hold, corrupting adjacent memory structures. This typically involves buffers created with functions like malloc(), calloc(), or realloc(). |
| CWE-123 | Write-what-where Condition | A write-what-where condition occurs when an attacker can control both the data written and the exact memory location where it's written, often due to a severe memory corruption flaw like a buffer overflow. |
| CWE-124 | Buffer Underwrite ('Buffer Underflow') | A buffer underwrite, also known as buffer underflow, happens when a program writes data to a memory location before the official start of a buffer. |
| CWE-125 | Out-of-bounds Read | An out-of-bounds read occurs when software accesses memory outside the boundaries of a buffer, array, or similar data structure, reading data it wasn't intended to see. |
| CWE-126 | Buffer Over-read | This vulnerability occurs when a program reads data from a memory buffer using an index or pointer that points beyond the buffer's allocated boundary, accessing unintended memory locations. |
| CWE-127 | Buffer Under-read | A buffer under-read occurs when a program attempts to read data from a memory location positioned before the start of an allocated buffer. |
| CWE-128 | Wrap-around Error | A wrap-around error happens when a variable exceeds the maximum value its data type can hold, causing it to unexpectedly reset to a very small, negative, or undefined number instead of increasing further. |
| CWE-129 | Improper Validation of Array Index | This vulnerability occurs when software uses unverified, external input to calculate or access an array index, without properly checking that the index points to a valid location within the array's bounds. |
| CWE-130 | Improper Handling of Length Parameter Inconsistency | This vulnerability occurs when a program reads a structured data packet or message but fails to properly validate that the declared length field matches the actual amount of data provided. |
| CWE-131 | Incorrect Calculation of Buffer Size | This vulnerability occurs when a program miscalculates the amount of memory needed for a buffer, potentially leading to a buffer overflow that can crash the software or allow attackers to execute malicious code. |
| CWE-1325 | Improperly Controlled Sequential Memory Allocation | This vulnerability occurs when a system allocates memory separately for each item in a collection but fails to enforce a global limit on the total memory used by all items combined. |
| CWE-1335 | Incorrect Bitwise Shift of Integer | This vulnerability occurs when a program attempts to shift an integer's bits by an invalid amount—either a negative number or a value equal to or greater than the integer's bit width (e.g., shifting a 32-bit integer by 32 or more places). This leads to unpredictable and platform-dependent results. |
| CWE-134 | Use of Externally-Controlled Format String | This vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a file) in a formatting function (e.g., printf, sprintf). An attacker can craft a malicious format string to read or write memory, potentially crashing the application or executing arbitrary code. |
| CWE-1341 | Multiple Releases of Same Resource or Handle | This vulnerability occurs when a program incorrectly tries to close or release the same system resource—like memory, a file, or a network connection—more than once. This double-free or double-close violates the API's contract and leads to unpredictable and often dangerous behavior. |
| CWE-135 | Incorrect Calculation of Multi-Byte String Length | This vulnerability occurs when software incorrectly measures the length of strings containing multi-byte or wide characters, leading to buffer overflows, data corruption, or crashes. |
| CWE-14 | Compiler Removal of Code to Clear Buffers | A compiler optimization can remove security-critical code intended to wipe sensitive data from memory, leaving secrets exposed. This happens when the compiler identifies buffer-clearing operations as unnecessary 'dead stores' and eliminates them. |
| CWE-1429 | Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface | This vulnerability occurs when a hardware interface discards operations without providing any security-relevant feedback, such as error notifications or logs. This silence prevents the timely detection of critical failures or active attacks, leaving systems vulnerable to undetected compromise. |
| CWE-170 | Improper Null Termination | This weakness occurs when software fails to properly end a string or array with the required null character or equivalent terminator. |
| CWE-188 | Reliance on Data/Memory Layout | This vulnerability occurs when software incorrectly assumes how data is structured in memory or within network packets, leading to unexpected behavior when those underlying layouts change. |
| CWE-190 | Integer Overflow or Wraparound | Integer overflow or wraparound occurs when a calculation produces a numeric result that exceeds the maximum value a variable can hold. Instead of increasing as expected, the value wraps around to a very small or negative number, breaking the program's logic. |
| CWE-191 | Integer Underflow (Wrap or Wraparound) | Integer underflow occurs when a subtraction operation results in a value smaller than the data type's minimum limit, causing the value to wrap around to a large, incorrect number. |
| CWE-192 | Integer Coercion Error | An integer coercion error occurs when a program incorrectly converts, extends, or truncates a number between different data types, leading to unexpected values. |
| CWE-193 | Off-by-one Error | An off-by-one error occurs when a program incorrectly calculates a boundary, such as a loop counter or array index, by being one unit too high or too low. This often leads to buffer overflows, memory corruption, or unexpected program behavior. |
| CWE-194 | Unexpected Sign Extension | This vulnerability occurs when a signed number from a smaller data type is moved or cast to a larger type, causing its sign bit to be incorrectly extended. If the original value is negative, this sign extension can fill the new, higher-order bits with '1's, leading to unexpectedly large positive values and causing logic errors, buffer overflows, or security bypasses. |
| CWE-195 | Signed to Unsigned Conversion Error | This vulnerability occurs when a signed integer (which can hold negative values) is converted to an unsigned integer (which holds only non-negative values). If the original signed value is negative, the conversion produces a large, unexpected positive number instead of an error, breaking the program's logic. |
| CWE-196 | Unsigned to Signed Conversion Error | This vulnerability occurs when a program takes an unsigned integer and converts it directly to a signed integer. If the original unsigned value is too large to fit within the signed type's positive range, the conversion results in an unexpected negative number, corrupting the data. |
| CWE-197 | Numeric Truncation Error | A numeric truncation error happens when a program converts a number to a smaller data type, cutting off its higher-order bits and corrupting the original value. |
| CWE-242 | Use of Inherently Dangerous Function | This vulnerability occurs when code uses functions that are inherently unsafe and cannot be reliably secured, posing a direct risk to application stability and security. |
| CWE-243 | Creation of chroot Jail Without Changing Working Directory | This vulnerability occurs when a program creates a chroot jail but fails to change its current working directory afterward. Because the process's working directory remains outside the jail, attackers can use relative paths to access files and directories that should be restricted. |
| CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Using realloc() to resize buffers containing secrets like passwords or keys can leave that sensitive data exposed in memory, as the original data is not securely erased. |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | A race condition occurs when multiple processes or threads access a shared resource simultaneously without proper coordination, creating a timing window where the resource's state can be unexpectedly altered, leading to unpredictable behavior or security vulnerabilities. |
| CWE-364 | Signal Handler Race Condition | A signal handler race condition occurs when a program's signal handling routine is vulnerable to timing issues, allowing its state to be corrupted through asynchronous execution. |
| CWE-366 | Race Condition within a Thread | This vulnerability occurs when two or more threads within the same application access and manipulate a shared resource (like a variable, data structure, or file) without proper synchronization. Because the threads can execute in an unpredictable order, they can corrupt the resource's state, leading to crashes, incorrect calculations, or data loss. |
| CWE-374 | Passing Mutable Objects to an Untrusted Method | This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data. |
| CWE-375 | Returning a Mutable Object to an Untrusted Caller | This vulnerability occurs when a method directly returns a reference to its internal mutable data, allowing untrusted calling code to modify that data unexpectedly. |
| CWE-401 | Missing Release of Memory after Effective Lifetime | This vulnerability occurs when a program allocates memory but fails to properly release it after it's no longer needed, causing a gradual accumulation of unused memory that can't be reclaimed by the system. |
| CWE-403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | This vulnerability occurs when a parent process launches a child process without first closing sensitive file descriptors. The child process inherits these open handles, potentially gaining unauthorized access to files, sockets, or other resources it shouldn't be able to interact with. |
| CWE-415 | Double Free | A double free vulnerability occurs when a program mistakenly calls the 'free()' function twice on the same block of memory. |
| CWE-416 | Use After Free | Use After Free happens when a program continues to use a pointer to a memory location after that memory has been freed. This can lead to unpredictable behavior, crashes, or security vulnerabilities because the freed memory may have been reallocated for a different purpose. |
| CWE-457 | Use of Uninitialized Variable | This vulnerability occurs when a program accesses a variable before it has been assigned a value, leading to unpredictable behavior and potential security risks. |
| CWE-460 | Improper Cleanup on Thrown Exception | This vulnerability occurs when a program fails to properly restore its state or release resources after an exception is thrown, leaving the application in an inconsistent or unexpected condition. |
| CWE-462 | Duplicate Key in Associative List (Alist) | This vulnerability occurs when an associative list (alist) contains duplicate keys, which can cause unexpected behavior when software incorrectly handles or interprets these duplicates. |
| CWE-463 | Deletion of Data Structure Sentinel | This vulnerability occurs when a program accidentally removes or corrupts a special marker used to define the boundaries of a data structure, leading to logic errors and unexpected behavior. |
| CWE-464 | Addition of Data Structure Sentinel | This vulnerability occurs when a program unintentionally adds or modifies a special marker, known as a sentinel, within a data structure, leading to critical logic errors. |
| CWE-466 | Return of Pointer Value Outside of Expected Range | This vulnerability occurs when a function returns a memory pointer that points outside the expected buffer range, potentially exposing unrelated memory or causing crashes. |
| CWE-467 | Use of sizeof() on a Pointer Type | This vulnerability occurs when a developer uses the sizeof() operator on a pointer variable instead of the data it points to, leading to incorrect size calculations and potential buffer overflows or underflows. |
| CWE-468 | Incorrect Pointer Scaling | This vulnerability occurs when a programmer incorrectly accounts for pointer arithmetic in C or C++, causing the program to access unintended memory locations. The core issue is forgetting that adding an integer to a pointer automatically scales that integer by the size of the data type it points to. |
| CWE-469 | Use of Pointer Subtraction to Determine Size | This vulnerability occurs when a program calculates a size or offset by subtracting two memory pointers, but the pointers point to locations in different memory blocks, leading to an incorrect and potentially dangerous result. |
| CWE-474 | Use of Function with Inconsistent Implementations | This vulnerability occurs when code relies on a function whose behavior changes across different operating systems or versions, leading to unpredictable security risks when the software runs in an unexpected environment. |
| CWE-476 | NULL Pointer Dereference | This vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or unexpected behavior. |
| CWE-478 | Missing Default Case in Multiple Condition Expression | This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values. |
| CWE-479 | Signal Handler Use of a Non-reentrant Function | This vulnerability occurs when a signal handler in your code calls a function that is not safe to re-enter. If that function is interrupted and called again before it finishes, it can corrupt memory and crash your program or create security weaknesses. |
| CWE-480 | Use of Incorrect Operator | This vulnerability occurs when a developer mistakenly uses the wrong operator in their code, leading to unintended and potentially insecure logic. |
| CWE-481 | Assigning instead of Comparing | This flaw occurs when a developer accidentally uses the assignment operator (=) instead of the comparison operator (== or ===). The code assigns a value when it was meant to check for equality, which fundamentally changes the program's logic. |
| CWE-482 | Comparing instead of Assigning | This vulnerability occurs when a developer accidentally uses a comparison operator (like '==') where an assignment operator (like '=') was intended, creating a logic error instead of setting a value. |
| CWE-483 | Incorrect Block Delimitation | This vulnerability occurs when a developer fails to use explicit braces or delimiters to group multiple statements within a block, leading to unexpected program logic. |
| CWE-484 | Omitted Break Statement in Switch | This vulnerability occurs when a developer forgets to include a 'break' statement inside a switch-case block. Without it, the code execution 'falls through' and unintentionally runs the logic for subsequent cases, leading to unexpected behavior. |
| CWE-495 | Private Data Structure Returned From A Public Method | This vulnerability occurs when a public method directly returns a reference to a private, internal data structure. Because the reference is live, external callers can bypass intended controls and modify the data unexpectedly, corrupting the application's state. |
| CWE-496 | Public Data Assigned to Private Array-Typed Field | This vulnerability occurs when a developer stores sensitive data in a private array, but then assigns a publicly accessible reference to that same array. This effectively makes all the private array's contents available to unauthorized code, bypassing intended access controls. |
| CWE-558 | Use of getlogin() in Multithreaded Application | Using the getlogin() function in a multithreaded application can lead to unreliable or incorrect username results, creating security and logic flaws. |
| CWE-560 | Use of umask() with chmod-style Argument | This vulnerability occurs when a program incorrectly uses the `umask()` system call with an argument formatted for `chmod()`, leading to unintended and overly permissive file permissions. |
| CWE-562 | Return of Stack Variable Address | This vulnerability occurs when a function returns a pointer to its own local variable. Since that variable's memory is on the stack, the pointer becomes invalid as soon as the function finishes, leading to crashes or unpredictable behavior. |
| CWE-587 | Assignment of a Fixed Address to a Pointer | This vulnerability occurs when code explicitly assigns a hardcoded memory address to a pointer, instead of using a dynamic or null value. |
| CWE-676 | Use of Potentially Dangerous Function | This vulnerability occurs when code calls a function that can be dangerous if misused, but can also be used safely with proper precautions. The risk lies not in the function itself, but in how it's implemented. |
| CWE-681 | Incorrect Conversion between Numeric Types | This vulnerability occurs when a program converts a value from one numeric type to another (like a 64-bit integer to a 32-bit integer) and the conversion loses or misinterprets data. If these corrupted values are later used in security-critical operations—like calculating buffer sizes, checking permissions, or performing financial transactions—they can lead to crashes, incorrect behavior, or security bypasses. |
| CWE-685 | Function Call With Incorrect Number of Arguments | This weakness occurs when a program calls a function, method, or subroutine but provides the wrong number of arguments—either too many or too few. This mismatch can cause the program to behave unpredictably, access incorrect memory, or crash, creating a security vulnerability. |
| CWE-688 | Function Call With Incorrect Variable or Reference as Argument | This vulnerability occurs when a function is called with the wrong variable or reference passed as an argument. This simple coding mistake can cause the program to behave unpredictably, access incorrect data, or trigger other security flaws. |
| CWE-689 | Permission Race Condition During Resource Copy | This vulnerability occurs when a system copies a file or resource but delays setting its final permissions until the entire copy operation is finished. During the copy process, the resource remains exposed with default or overly permissive access, creating a temporary window where unauthorized users or processes could read, modify, or delete it. |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference | This vulnerability occurs when a program calls a function that can return a NULL pointer to signal failure, but the code does not check for this error condition before using the returned value, leading to a crash or unexpected behavior from dereferencing the NULL pointer. |
| CWE-704 | Incorrect Type Conversion or Cast | This vulnerability occurs when software incorrectly changes data from one type to another, leading to unexpected behavior or security flaws. |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code | This vulnerability occurs when a compiler's optimization process unintentionally strips out or alters security-critical code that a developer intentionally wrote, leaving the application exposed. |
| CWE-762 | Mismatched Memory Management Routines | This vulnerability occurs when a program uses incompatible functions to allocate and free memory. For example, freeing memory with a function that doesn't match the one used to create it, like mixing different memory management systems. |
| CWE-763 | Release of Invalid Pointer or Reference | This vulnerability occurs when a program tries to free a memory resource back to the system but uses an incorrect deallocation method or calls the correct method improperly. |
| CWE-781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code | This vulnerability occurs when a Windows driver defines an IOCTL using METHOD_NEITHER but fails to properly check the user-supplied memory addresses before using them. |
| CWE-782 | Exposed IOCTL with Insufficient Access Control | This vulnerability occurs when a system exposes an IOCTL (Input/Output Control) interface that performs sensitive operations, but fails to implement proper checks to verify which users or processes are allowed to call it. |
| CWE-783 | Operator Precedence Logic Error | This vulnerability occurs when a developer writes a conditional expression where the intended logic is broken due to misunderstanding or misapplying the rules of operator precedence. |
| CWE-785 | Use of Path Manipulation Function without Maximum-sized Buffer | This vulnerability occurs when a program uses a path manipulation function but supplies an output buffer that is too small to hold the maximum possible path length, such as PATH_MAX. |
| CWE-786 | Access of Memory Location Before Start of Buffer | This vulnerability occurs when software attempts to read from or write to a memory location positioned before the official start of a buffer. |
| CWE-787 | Out-of-bounds Write | This vulnerability occurs when software incorrectly writes data outside the boundaries of its allocated memory buffer, either beyond the end or before the beginning. |
| CWE-788 | Access of Memory Location After End of Buffer | This vulnerability occurs when software attempts to read from or write to a memory buffer using an index or pointer that points past the buffer's allocated boundary. |
| CWE-789 | Memory Allocation with Excessive Size Value | This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability. |
| CWE-805 | Buffer Access with Incorrect Length Value | This vulnerability occurs when software reads from or writes to a buffer using a loop or sequential operation, but mistakenly calculates or provides an incorrect length value. This incorrect length causes the operation to access memory outside the buffer's allocated boundaries. |
| CWE-806 | Buffer Access Using Size of Source Buffer | This vulnerability occurs when a program uses the size of the source data buffer to control reading or writing to a smaller destination buffer, potentially accessing memory outside the destination's allocated bounds. |
| CWE-824 | Access of Uninitialized Pointer | This vulnerability occurs when a program tries to use a pointer variable before it has been assigned a valid memory address. |
| CWE-825 | Expired Pointer Dereference | This vulnerability occurs when a program tries to use a pointer that still points to a memory location that has already been freed or released. |
| CWE-839 | Numeric Range Comparison Without Minimum Check | This vulnerability occurs when software validates that a number is within an acceptable range by only checking that it's less than or equal to a maximum value, but fails to also verify that it is greater than or equal to a required minimum. This oversight can allow negative or otherwise invalid low values to pass the check, leading to unexpected behavior. |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | Type confusion occurs when a program creates a resource—like a pointer, object, or variable—with one data type, but later incorrectly accesses it as a different, incompatible type. |
| CWE-910 | Use of Expired File Descriptor | This vulnerability occurs when a program attempts to use a file descriptor after it has been closed, treating it as if it were still valid. |
| CWE-911 | Improper Update of Reference Count | This vulnerability occurs when a program uses a reference counter to track resource usage but fails to update the count correctly, either by missing an update or applying an incorrect value. |
Mapping Notes
Usage: Prohibited
Reasons: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comment:
Use this View or other Views to search and navigate for the appropriate weakness.