CERT Rule | Related Guidelines |
---|---|
EXP33-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
EXP33-C | CWE-123, Write-what-where Condition |
EXP33-C | CWE-125, Out-of-bounds Read |
EXP33-C | CWE-665, Improper Initialization |
EXP34-C | CWE-476, NULL Pointer Dereference |
EXP37-C | CWE-628, Function Call with Incorrectly Specified Arguments |
EXP37-C | CWE-686, Function Call with Incorrect Argument Type |
EXP39-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
EXP39-C | CWE-123, Write-what-where Condition |
EXP39-C | CWE-125, Out-of-bounds Read |
EXP45-C | CWE-480, Use of Incorrect Operator |
EXP46-C | CWE-480, Use of incorrect operator |
INT30-C | CWE-190, Integer Overflow or Wraparound |
INT31-C | CWE-192, Integer Coercion Error |
INT31-C | CWE-197, Numeric Truncation Error |
INT31-C | CWE-681, Incorrect Conversion between Numeric Types |
INT32-C | CWE-129, Improper Validation of Array Index |
INT32-C | CWE-190, Integer Overflow or Wraparound |
INT33-C | CWE-369, Divide By Zero |
INT35-C | CWE-190, Integer Overflow or Wraparound |
INT36-C | CWE-466, Return of Pointer Value Outside of Expected Range |
INT36-C | CWE-587, Assignment of a Fixed Address to a Pointer |
FLP32-C | CWE-682, Incorrect Calculation |
FLP34-C | CWE-681, Incorrect Conversion between Numeric Types |
ARR30-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
ARR30-C | CWE-122, Heap-based Buffer Overflow |
ARR30-C | CWE-123, Write-what-where Condition |
ARR30-C | CWE-125, Out-of-bounds Read |
ARR30-C | CWE-129, Improper Validation of Array Index |
ARR30-C | CWE-788, Access of Memory Location after End of Buffer |
ARR36-C | CWE-469, Use of Pointer Subtraction to Determine Size |
ARR37-C | CWE-469, Use of Pointer Subtraction to Determine Size |
ARR38-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
ARR38-C | CWE-121, Stack-based Buffer Overflow |
ARR38-C | CWE-123, Write-what-where Condition |
ARR38-C | CWE-125, Out-of-bounds Read |
ARR38-C | CWE-805, Buffer Access with Incorrect Length Value |
ARR39-C | CWE-468, Incorrect Pointer Scaling |
STR31-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
STR31-C | CWE-120, Buffer Copy without Checking Size of Input ("Classic Buffer Overflow") |
STR31-C | CWE-123, Write-what-where Condition |
STR31-C | CWE-125, Out-of-bounds Read |
STR31-C | CWE-193, Off-by-one Error |
STR32-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
STR32-C | CWE-123, Write-what-where Condition |
STR32-C | CWE-125, Out-of-bounds Read |
STR32-C | CWE-170, Improper Null Termination |
STR34-C | CWE-704, Incorrect Type Conversion or Cast |
STR37-C | CWE-704, Incorrect Type Conversion or Cast |
STR37-C | CWE-686, Function Call with Incorrect Argument Type |
MEM30-C | CWE-415, Double Free |
MEM30-C | CWE-416, Use After Free |
MEM31-C | CWE-401, Improper Release of Memory Before Removing Last Reference ("Memory Leak") |
MEM34-C | CWE-590, Free of Memory Not on the Heap |
MEM35-C | CWE-131, Incorrect Calculation of Buffer Size |
MEM35-C | CWE-190, Integer Overflow or Wraparound |
MEM35-C | CWE-467, Use of sizeof() on a Pointer Type |
FIO30-C | CWE-134, Uncontrolled Format String |
FIO32-C | CWE-67, Improper Handling of Windows Device Names |
FIO37-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
FIO37-C | CWE-123, Write-what-where Condition |
FIO37-C | CWE-125, Out-of-bounds Read |
FIO37-C | CWE-241, Improper Handling of Unexpected Data Type |
FIO42-C | CWE-404, Improper Resource Shutdown or Release |
FIO47-C | CWE-686, Function Call with Incorrect Argument Type |
ENV32-C | CWE-705, Incorrect Control Flow Scoping |
ENV33-C | CWE-78, Improper Neutralization of Special Elements Used in an OS Command (aka "OS Command Injection") |
ENV33-C | CWE-88, Argument Injection or Modification |
SIG30-C | CWE-479, Signal Handler Use of a Non-reentrant Function |
SIG31-C | CWE-662, Improper Synchronization |
SIG34-C | CWE-479, Signal Handler Use of a Non-reentrant Function |
ERR30-C | CWE-456, Missing Initialization of a Variable |
ERR33-C | CWE-252, Unchecked Return Value |
ERR33-C | CWE-253, Incorrect Check of Function Return Value |
ERR33-C | CWE-390, Detection of Error Condition without Action |
ERR33-C | CWE-391, Unchecked Error Condition |
ERR33-C | CWE-476, NULL Pointer Dereference |
ERR34-C | CWE-676, Use of potentially dangerous function |
ERR34-C | CWE-20, Insufficient input validation |
CON31-C | CWE-667, Improper Locking |
CON35-C | CWE-764, Multiple Locks of a Critical Resource |
CON40-C | CWE-366, Race Condition within a Thread |
CON40-C | CWE-413, Improper Resource Locking |
CON40-C | CWE-567, Unsynchronized Access to Shared Data in a Multithreaded Context |
CON40-C | CWE-667, Improper Locking |
CON43-C | CWE-366, Race condition within a thread |
MSC30-C | CWE-327, Use of a Broken or Risky Cryptographic Algorithm |
MSC30-C | CWE-330, Use of Insufficiently Random Values |
MSC30-C | CWE-331, Insufficient Entropy |
MSC30-C | CWE-338, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
MSC32-C | CWE-327, Use of a Broken or Risky Cryptographic Algorithm |
MSC32-C | CWE-330, Use of Insufficiently Random Values |
MSC32-C | CWE-331, Insufficient Entropy |
MSC32-C | CWE-338, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
POS30-C | CWE-170, Improper null termination |
POS33-C | CWE-242, Use of inherently dangerous function |
POS34-C | CWE-686, Function call with incorrect argument type |
POS34-C | CWE-562, Return of stack variable address |
POS35-C | CWE-363, Race condition enabling link following |
POS35-C | CWE-365, Race condition in switch |
POS36-C | CWE-250, Execution with unnecessary privileges |
POS36-C | CWE-696, Incorrect behavior order |
POS37-C | CWE-250, Execution with unnecessary privileges |
POS37-C | CWE-273, Failure to check whether privileges were dropped successfully |
POS48-C | CWE-667, Insufficient locking |
POS51-C | CWE-764, Multiple locks of critical resources |
POS54-C | CWE-252, Unchecked return value |
POS54-C | CWE-253, Incorrect check of function return value |
POS54-C | CWE-390, Detection of error condition without action |
POS54-C | CWE-391, Unchecked error condition |
API00-C | CWE-20, Insufficient input validation |
API04-C | CWE-754, Improper check for unusual or exceptional conditions |
ARR00-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
ARR00-C | CWE-123, Write-what-where Condition |
ARR00-C | CWE-125, Out-of-bounds Read |
ARR00-C | CWE-129, Unchecked array indexing |
ARR01-C | CWE-467, Use of sizeof() on a pointer type |
ARR02-C | CWE-665, Incorrect or incomplete initialization |
CON06-C | CWE-667, Improper Locking |
CON07-C | CWE-366, Race condition within a thread |
CON07-C | CWE-413, Improper resource locking |
CON07-C | CWE-567, Unsynchronized access to shared data in a multithreaded context |
CON07-C | CWE-667, Improper locking |
CON08-C | CWE-362, Concurrent execution using shared resource with improper synchronization ("race condition") |
CON08-C | CWE-366, Race condition within a thread |
CON08-C | CWE-662, Improper synchronization |
DCL06-C | CWE-547, Use of hard-coded, security-relevant constants |
DCL10-C | CWE-628, Function call with incorrectly specified arguments |
ENV01-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
ENV01-C | CWE-123, Write-what-where Condition |
ENV01-C | CWE-125, Out-of-bounds Read |
ENV02-C | CWE-462, Duplicate key in associative list (Alist) |
ENV02-C | CWE-807, Reliance on untrusted inputs in a security decision |
ENV03-C | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
ENV03-C | CWE-88, Argument injection or modification |
ENV03-C | CWE-426, Untrusted search path |
ENV03-C | CWE-471, Modification of Assumed-Immutable Data (MAID) |
ENV03-C | CWE-807, Reliance on intrusted inputs in a security decision |
ERR00-C | CWE-391, Unchecked error condition |
ERR00-C | CWE-544, Missing standardized error handling mechanism |
ERR04-C | CWE-705, Incorrect control flow scoping |
ERR07-C | CWE-20, Improper Input Validation |
ERR07-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
ERR07-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
ERR07-C | CWE-91, XML Injection (aka Blind XPath Injection) |
ERR07-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
ERR07-C | CWE-114, Process Control |
ERR07-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
ERR07-C | CWE-676, Use of potentially dangerous function |
EXP02-C | CWE-768, Incorrect short circuit evaluation |
EXP05-C | CWE-704, Incorrect type conversion or cast |
EXP08-C | CWE-468, Incorrect pointer scaling |
EXP09-C | CWE-805, Buffer access with incorrect length value |
EXP12-C | CWE-754, Improper check for unusual or exceptional conditions |
EXP15-C | CWE-480, Use of incorrect operator |
EXP16-C | CWE-480, Use of incorrect operator |
EXP16-C | CWE-482, Comparing instead of assigning |
FIO01-C | CWE-73, External control of file name or path |
FIO01-C | CWE-367, Time-of-check, time-of-use race condition |
FIO01-C | CWE-676, Use of potentially dangerous function |
FIO02-C | CWE-22, Path traversal |
FIO02-C | CWE-23, Relative Path Traversal |
FIO02-C | CWE-28, Path Traversal: '..\filedir' |
FIO02-C | CWE-40, Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
FIO02-C | CWE-41, Failure to resolve path equivalence |
FIO02-C | CWE-59, Failure to resolve links before file access (aka "link following") |
FIO02-C | CWE-73, External control of file name or path |
FIO05-C | CWE-37, Path issue—Slash absolute path |
FIO05-C | CWE-38, Path Issue—Backslash absolute path |
FIO05-C | CWE-39, Path Issue—Drive letter or Windows volume |
FIO05-C | CWE-62, UNIX hard link |
FIO05-C | CWE-64, Windows shortcut following (.LNK) |
FIO05-C | CWE-65, Windows hard link |
FIO06-C | CWE-276, Insecure default permissions |
FIO06-C | CWE-279, Insecure execution-assigned permissions |
FIO06-C | CWE-732, Incorrect permission assignment for critical resource |
FIO15-C | CWE-379, Creation of temporary file in directory with insecure permissions |
FIO15-C | CWE-552, Files or directories accessible to external parties |
FIO21-C | CWE-379, Creation of temporary file in directory with insecure permissions |
FIO22-C | CWE-403, UNIX file descriptor leak |
FIO22-C | CWE-404, Improper resource shutdown or release |
FIO22-C | CWE-770, Allocation of resources without limits or throttling |
FIO24-C | CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition") |
FIO24-C | CWE-675, Duplicate Operations on Resource |
FLP03-C | CWE-369, Divide by zero |
FLP06-C | CWE-681, Incorrect conversion between numeric types |
FLP06-C | CWE-682, Incorrect calculation |
INT02-C | CWE-192, Integer coercion error |
INT02-C | CWE-197, Numeric truncation error |
INT05-C | CWE-192, Integer coercion error |
INT05-C | CWE-197, Numeric truncation error |
INT07-C | CWE-682, Incorrect calculation |
INT10-C | CWE-682, Incorrect calculation |
INT10-C | CWE-129, Unchecked array indexing |
INT13-C | CWE-682, Incorrect calculation |
INT15-C | CWE-681, Incorrect conversion between numeric types |
INT18-C | CWE-681, Incorrect conversion between numeric types |
INT18-C | CWE-190, Integer overflow (wrap or wraparound) |
MEM00-C | CWE-415, Double free |
MEM00-C | CWE-416, Use after free |
MEM01-C | CWE-415, Double free |
MEM01-C | CWE-416, Use after free |
MEM03-C | CWE-226, Sensitive information uncleared before release |
MEM03-C | CWE-244, Failure to clear heap memory before release ("heap inspection") |
MEM04-C | CWE-687, Function call with incorrectly specified argument value |
MEM06-C | CWE-591, Sensitive data storage in improperly locked memory |
MEM06-C | CWE-528, Information leak through core dump files |
MEM07-C | CWE-190, Integer overflow (wrap or wraparound) |
MEM07-C | CWE-128, Wrap-around error |
MEM10-C | CWE-20, Improper Input Validation |
MEM10-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
MEM10-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
MEM10-C | CWE-91, XML Injection (aka Blind XPath Injection) |
MEM10-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
MEM10-C | CWE-114, Process Control |
MEM10-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
MEM11-C | CWE-770, Allocation of resources without limits or throttling |
MSC00-C | CWE-563, Unused variable |
MSC00-C | CWE-570, Expression is always false |
MSC00-C | CWE-571, Expression is always true |
MSC06-C | CWE-14, Compiler removal of code to clear buffers |
MSC07-C | CWE-561, Dead code |
MSC09-C | CWE-116, Improper encoding or escaping of output |
MSC10-C | CWE-176, Failure to handle Unicode encoding |
MSC10-C | CWE-116, Improper encoding or escaping of output |
MSC11-C | CWE-190, Reachable assertion |
MSC18-C | CWE-259, Use of Hard-coded Password |
MSC18-C | CWE-261, Weak Cryptography for Passwords |
MSC18-C | CWE-311, Missing encryption of sensitive data |
MSC18-C | CWE-319, Cleartext Transmission of Sensitive Information |
MSC18-C | CWE-321, Use of Hard-coded Cryptographic Key |
MSC18-C | CWE-326, Inadequate encryption strength |
MSC18-C | CWE-798, Use of hard-coded credentials |
MSC24-C | CWE-20, Insufficient input validation |
MSC24-C | CWE-73, External control of file name or path |
MSC24-C | CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
MSC24-C | CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
MSC24-C | CWE-91, XML Injection (aka Blind XPath Injection) |
MSC24-C | CWE-94, Improper Control of Generation of Code ('Code Injection') |
MSC24-C | CWE-114, Process Control |
MSC24-C | CWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
MSC24-C | CWE-192, Integer coercion error |
MSC24-C | CWE-197, Numeric truncation error |
MSC24-C | CWE-367, Time-of-check, time-of-use race condition |
MSC24-C | CWE-464, Addition of data structure sentinel |
MSC24-C | CWE-601, URL Redirection to Untrusted Site ('Open Redirect') |
MSC24-C | CWE-676, Use of potentially dangerous function |
POS01-C | CWE-59, Failure to resolve links before file access (aka "link following") |
POS01-C | CWE-362, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
POS01-C | CWE-367, Time-of-check, time-of-use (TOCTOU) race condition |
POS02-C | CWE-250, Execution with unnecessary privileges |
POS02-C | CWE-272, Least privilege violation |
PRE09-C | CWE-684, Failure to provide specified functionality |
SIG00-C | CWE-662, Insufficient synchronization |
STR02-C | CWE-88, Argument injection or modification |
STR02-C | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
STR03-C | CWE-170, Improper null termination |
STR03-C | CWE-464, Addition of data structure sentinel |
STR06-C | CWE-464, Addition of data structure sentinel |
WIN02-C | CWE-250, Execution with unnecessary privileges |
WIN02-C | CWE-272, Least privilege violation |
WIN04-C | CWE-311, Missing encryption of sensitive data |
WIN04-C | CWE-319, Cleartext Transmission of Sensitive Information |