Category: CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
Obsolete
Summary
Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) chapter of the CERT C Secure Coding Standard (2008).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | This vulnerability occurs when software accesses a memory buffer but reads from or writes to a location outside its allocated boundary. This can corrupt adjacent data, crash the program, or allow attackers to execute arbitrary code. |
| CWE-129 | Improper Validation of Array Index | This vulnerability occurs when software uses unverified, external input to calculate or access an array index, without properly checking that the index points to a valid location within the array's bounds. |
| CWE-467 | Use of sizeof() on a Pointer Type | This vulnerability occurs when a developer uses the sizeof() operator on a pointer variable instead of the data it points to, leading to incorrect size calculations and potential buffer overflows or underflows. |
| CWE-469 | Use of Pointer Subtraction to Determine Size | This vulnerability occurs when a program calculates a size or offset by subtracting two memory pointers, but the pointers point to locations in different memory blocks, leading to an incorrect and potentially dangerous result. |
| CWE-665 | Improper Initialization | This vulnerability occurs when software fails to properly set up a resource before use, or provides incorrect starting values, leaving it in an unpredictable and potentially dangerous state. |
| CWE-805 | Buffer Access with Incorrect Length Value | This vulnerability occurs when software reads from or writes to a buffer using a loop or sequential operation, but mistakenly calculates or provides an incorrect length value. This incorrect length causes the operation to access memory outside the buffer's allocated boundaries. |
| CWE-734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.