Category: CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
Obsolete
Summary
Weaknesses in this category are related to the rules and recommendations in the POSIX (POS) appendix of the CERT C Secure Coding Standard (2008).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-170 | Improper Null Termination | This weakness occurs when software fails to properly end a string or array with the required null character or equivalent terminator. |
| CWE-242 | Use of Inherently Dangerous Function | This vulnerability occurs when code uses functions that are inherently unsafe and cannot be reliably secured, posing a direct risk to application stability and security. |
| CWE-272 | Least Privilege Violation | This vulnerability occurs when software fails to reduce its elevated system privileges after completing a sensitive operation, leaving it with unnecessary and dangerous access rights. |
| CWE-273 | Improper Check for Dropped Privileges | This vulnerability occurs when an application tries to lower its system privileges but fails to verify that the operation was successful. |
| CWE-363 | Race Condition Enabling Link Following | This vulnerability occurs when a program checks a file's status before using it, creating a brief window where an attacker can replace that file with a malicious link. This causes the program to follow the link and access an unintended, potentially dangerous location. |
| CWE-366 | Race Condition within a Thread | This vulnerability occurs when two or more threads within the same application access and manipulate a shared resource (like a variable, data structure, or file) without proper synchronization. Because the threads can execute in an unpredictable order, they can corrupt the resource's state, leading to crashes, incorrect calculations, or data loss. |
| CWE-562 | Return of Stack Variable Address | This vulnerability occurs when a function returns a pointer to its own local variable. Since that variable's memory is on the stack, the pointer becomes invalid as soon as the function finishes, leading to crashes or unpredictable behavior. |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') | This vulnerability occurs when an application uses a filename to access a file but fails to properly check if that name points to a symbolic link, shortcut, or junction. This allows an attacker to manipulate the link's target, causing the application to read or write to an unintended, potentially sensitive location. |
| CWE-667 | Improper Locking | This vulnerability occurs when a program fails to correctly acquire or release a lock on a shared resource, such as a file, database record, or memory location. This improper synchronization allows other processes or threads to interfere, leading to corrupted data, crashes, or unpredictable behavior. |
| CWE-686 | Function Call With Incorrect Argument Type | This vulnerability occurs when a program calls a function or method but passes an argument of the wrong data type, which can cause unexpected behavior or security flaws. |
| CWE-696 | Incorrect Behavior Order | This weakness occurs when a system executes multiple dependent actions in the wrong sequence, leading to unexpected and potentially vulnerable states. |
| CWE-734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.