Category: CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
Obsolete
Summary
Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) chapter of the CERT C Secure Coding Standard (2008).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-14 | Compiler Removal of Code to Clear Buffers | A compiler optimization can remove security-critical code intended to wipe sensitive data from memory, leaving secrets exposed. This happens when the compiler identifies buffer-clearing operations as unnecessary 'dead stores' and eliminates them. |
| CWE-176 | Improper Handling of Unicode Encoding | This vulnerability occurs when software fails to correctly process or interpret Unicode-encoded input, leading to security bypasses, data corruption, or unexpected behavior. |
| CWE-20 | Improper Input Validation | This vulnerability occurs when an application accepts data from an external source but fails to properly verify that the data is safe and correctly formatted before using it. This missing or flawed validation check allows malicious or malformed inputs to disrupt the application's logic or security. |
| CWE-330 | Use of Insufficiently Random Values | This vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations, making them easier for attackers to guess or calculate. |
| CWE-480 | Use of Incorrect Operator | This vulnerability occurs when a developer mistakenly uses the wrong operator in their code, leading to unintended and potentially insecure logic. |
| CWE-482 | Comparing instead of Assigning | This vulnerability occurs when a developer accidentally uses a comparison operator (like '==') where an assignment operator (like '=') was intended, creating a logic error instead of setting a value. |
| CWE-561 | Dead Code | Dead code refers to sections of a program that can never run during normal execution, effectively making them inactive and unreachable. |
| CWE-563 | Assignment to Variable without Use | This vulnerability occurs when a value is stored in a variable, but that variable is never read or used in subsequent code, creating a 'dead store.' |
| CWE-570 | Expression is Always False | This vulnerability occurs when code contains a conditional expression that can never evaluate to true, causing a section of the program to be permanently unreachable. |
| CWE-571 | Expression is Always True | This vulnerability occurs when code contains a conditional expression that will always evaluate to 'true', making the check ineffective and potentially bypassing critical security or logic gates. |
| CWE-697 | Incorrect Comparison | This weakness occurs when a security-critical decision relies on a flawed comparison between two pieces of data. The incorrect logic can create a gap that attackers exploit to bypass checks or trigger unintended behavior. |
| CWE-704 | Incorrect Type Conversion or Cast | This vulnerability occurs when software incorrectly changes data from one type to another, leading to unexpected behavior or security flaws. |
| CWE-734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.