Category: CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
Obsolete
Summary
Weaknesses in this category are related to the rules and recommendations in the Integers (INT) chapter of the CERT C Secure Coding Standard (2008).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-129 | Improper Validation of Array Index | This vulnerability occurs when software uses unverified, external input to calculate or access an array index, without properly checking that the index points to a valid location within the array's bounds. |
| CWE-190 | Integer Overflow or Wraparound | Integer overflow or wraparound occurs when a calculation produces a numeric result that exceeds the maximum value a variable can hold. Instead of increasing as expected, the value wraps around to a very small or negative number, breaking the program's logic. |
| CWE-192 | Integer Coercion Error | An integer coercion error occurs when a program incorrectly converts, extends, or truncates a number between different data types, leading to unexpected values. |
| CWE-197 | Numeric Truncation Error | A numeric truncation error happens when a program converts a number to a smaller data type, cutting off its higher-order bits and corrupting the original value. |
| CWE-20 | Improper Input Validation | This vulnerability occurs when an application accepts data from an external source but fails to properly verify that the data is safe and correctly formatted before using it. This missing or flawed validation check allows malicious or malformed inputs to disrupt the application's logic or security. |
| CWE-369 | Divide By Zero | A divide-by-zero error occurs when software attempts to perform a division operation where the denominator is zero. |
| CWE-466 | Return of Pointer Value Outside of Expected Range | This vulnerability occurs when a function returns a memory pointer that points outside the expected buffer range, potentially exposing unrelated memory or causing crashes. |
| CWE-587 | Assignment of a Fixed Address to a Pointer | This vulnerability occurs when code explicitly assigns a hardcoded memory address to a pointer, instead of using a dynamic or null value. |
| CWE-606 | Unchecked Input for Loop Condition | This vulnerability occurs when an application fails to properly validate or limit user-supplied values that control loop iterations. Without these checks, malicious input can force the program into an endless or excessively long loop, consuming system resources and leading to denial of service or application instability. |
| CWE-676 | Use of Potentially Dangerous Function | This vulnerability occurs when code calls a function that can be dangerous if misused, but can also be used safely with proper precautions. The risk lies not in the function itself, but in how it's implemented. |
| CWE-681 | Incorrect Conversion between Numeric Types | This vulnerability occurs when a program converts a value from one numeric type to another (like a 64-bit integer to a 32-bit integer) and the conversion loses or misinterprets data. If these corrupted values are later used in security-critical operations—like calculating buffer sizes, checking permissions, or performing financial transactions—they can lead to crashes, incorrect behavior, or security bypasses. |
| CWE-682 | Incorrect Calculation | This vulnerability occurs when software performs a calculation that produces wrong or unexpected results, which are then used to make security decisions or manage critical resources. |
| CWE-734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.