This category identifies Software Fault Patterns (SFPs) within the Faulty Pointer Use cluster (SFP7).

| ID | Name | Description |
|---|---|---|
| CWE-469 | Use of Pointer Subtraction to Determine Size | This vulnerability occurs when a program calculates a size or offset by subtracting two memory pointers, but the pointers point to locations in different memory blocks, leading to an incorrect and potentially dangerous result. |
| CWE-476 | NULL Pointer Dereference | This vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or unexpected behavior. |
| CWE-588 | Attempt to Access Child of a Non-structure Pointer | This vulnerability occurs when code incorrectly treats a pointer to a basic data type (like an integer) as if it points to a structured object (like a 'struct' in C). The program then tries to access a member field that doesn't exist at that memory location, which can cause crashes or corrupt adjacent data. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |