This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

CERT Rule      Related Guidelines

EXP33-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
EXP33-C        CWE-123, Write-what-where Condition
EXP33-C        CWE-125, Out-of-bounds Read
EXP33-C        CWE-665, Improper Initialization
EXP34-C        CWE-476, NULL Pointer Dereference
EXP37-C        CWE-628, Function Call with Incorrectly Specified Arguments
EXP37-C        CWE-686, Function Call with Incorrect Argument Type
EXP39-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
EXP39-C        CWE-123, Write-what-where Condition
EXP39-C        CWE-125, Out-of-bounds Read
EXP45-C        CWE-480, Use of Incorrect Operator
EXP46-C        CWE-480, Use of Incorrect Operator
INT30-C        CWE-190, Integer Overflow or Wraparound
INT31-C        CWE-192, Integer Coercion Error
INT31-C        CWE-197, Numeric Truncation Error
INT31-C        CWE-681, Incorrect Conversion between Numeric Types
INT32-C        CWE-129, Improper Validation of Array Index
INT32-C        CWE-190, Integer Overflow or Wraparound
INT33-C        CWE-369, Divide By Zero
INT35-C        CWE-190, Integer Overflow or Wraparound
INT36-C        CWE-466, Return of Pointer Value Outside of Expected Range
INT36-C        CWE-587, Assignment of a Fixed Address to a Pointer
FLP32-C        CWE-682, Incorrect Calculation
FLP34-C        CWE-681, Incorrect Conversion between Numeric Types
ARR30-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
ARR30-C        CWE-122, Heap-based Buffer Overflow
ARR30-C        CWE-123, Write-what-where Condition
ARR30-C        CWE-125, Out-of-bounds Read
ARR30-C        CWE-129, Improper Validation of Array Index
ARR30-C        CWE-788, Access of Memory Location after End of Buffer
ARR36-C        CWE-469, Use of Pointer Subtraction to Determine Size
ARR37-C        CWE-469, Use of Pointer Subtraction to Determine Size
ARR38-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
ARR38-C        CWE-121, Stack-based Buffer Overflow
ARR38-C        CWE-123, Write-what-where Condition
ARR38-C        CWE-125, Out-of-bounds Read
ARR38-C        CWE-805, Buffer Access with Incorrect Length Value
ARR39-C        CWE-468, Incorrect Pointer Scaling
STR31-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
STR31-C        CWE-120, Buffer Copy without Checking Size of Input ("Classic Buffer Overflow")
STR31-C        CWE-123, Write-what-where Condition
STR31-C        CWE-125, Out-of-bounds Read
STR31-C        CWE-193, Off-by-one Error
STR32-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
STR32-C        CWE-123, Write-what-where Condition
STR32-C        CWE-125, Out-of-bounds Read
STR32-C        CWE-170, Improper Null Termination
STR34-C        CWE-704, Incorrect Type Conversion or Cast
STR37MSC41-C   CWE-704, Incorrect Type Conversion or Cast
STR37-C        CWE-686, Function Call with Incorrect Argument Type
MEM30-C        CWE-415, Double Free
MEM30-C        CWE-416, Use After Free
MEM31-C        CWE-401, Improper Release of Memory Before Removing Last Reference ("Memory Leak")
MEM34-C        CWE-590, Free of Memory Not on the Heap
MEM35-C        CWE-131, Incorrect Calculation of Buffer Size
MEM35-C        CWE-190, Integer Overflow or Wraparound
MEM35-C        CWE-467, Use of sizeof() on a Pointer Type
FIO30-C        CWE-134, Uncontrolled Format String
FIO32-C        CWE-67, Improper Handling of Windows Device Names
FIO37-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
FIO37-C        CWE-123, Write-what-where Condition
FIO37-C        CWE-125, Out-of-bounds Read
FIO37-C        CWE-241, Improper Handling of Unexpected Data Type
FIO42-C        CWE-404, Improper Resource Shutdown or Release
FIO47-C        CWE-686, Function Call with Incorrect Argument Type
ENV32-C        CWE-705, Incorrect Control Flow Scoping
ENV33-C        CWE-78, Improper Neutralization of Special Elements Used in an OS Command (aka "OS Command Injection")
ENV33-C        CWE-88, Argument Injection or Modification
SIG30-C        CWE-479, Signal Handler Use of a Non-reentrant Function
SIG31-C        CWE-662, Improper Synchronization
SIG34-C        CWE-479, Signal Handler Use of a Non-reentrant Function
ERR30-C        CWE-456, Missing Initialization of a Variable
ERR33-C        CWE-252, Unchecked Return Value
ERR33-C        CWE-253, Incorrect Check of Function Return Value
ERR33-C        CWE-390, Detection of Error Condition without Action
ERR33-C        CWE-391, Unchecked Error Condition
ERR33-C        CWE-476, NULL Pointer Dereference
ERR34-C        CWE-676, Use of Potentially Dangerous Function
ERR34-C        CWE-20, Insufficient Input Validation
CON31-C        CWE-667, Improper Locking
CON35-C        CWE-764, Multiple Locks of a Critical Resource
CON40-C        CWE-366, Race Condition within a Thread
CON40-C        CWE-413, Improper Resource Locking
CON40-C        CWE-567, Unsynchronized Access to Shared Data in a Multithreaded Context
CON40-C        CWE-667, Improper Locking
CON43-C        CWE-366, Race Condition within a Thread
MSC30-C        CWE-327, Use of a Broken or Risky Cryptographic Algorithm
MSC30-C        CWE-330, Use of Insufficiently Random Values
MSC30-C        CWE-331, Insufficient Entropy
MSC30-C        CWE-338, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
MSC32-C        CWE-327, Use of a Broken or Risky Cryptographic Algorithm
MSC32-C        CWE-330, Use of Insufficiently Random Values
MSC32-C        CWE-331, Insufficient Entropy
MSC32-C        CWE-338, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
POS30-C        CWE-170, Improper Null Termination
POS33-C        CWE-242, Use of Inherently Dangerous Function
POS34-C        CWE-686, Function Call with Incorrect Argument Type
POS34-C        CWE-562, Return of Stack Variable Address
POS35-C        CWE-363, Race Condition Enabling Link Following
POS35-C        CWE-365, Race Condition in Switch
POS36-C        CWE-250, Execution with Unnecessary Privileges
POS36-C        CWE-696, Incorrect Behavior Order
POS37-C        CWE-250, Execution with Unnecessary Privileges
POS37-C        CWE-273, Failure to Check Whether Privileges Were Dropped Successfully
POS48-C        CWE-667, Insufficient Locking
POS51-C        CWE-764, Multiple Locks of Critical Resources
POS54-C        CWE-252, Unchecked Return Value
POS54-C        CWE-253, Incorrect Check of Function Return Value
POS54-C        CWE-390, Detection of Error Condition without Action
POS54-C        CWE-391, Unchecked Error Condition
API00-C        CWE-20, Insufficient Input Validation
API04-C        CWE-754, Improper Check for Unusual or Exceptional Conditions
ARR00-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
ARR00-C        CWE-123, Write-what-where Condition
ARR00-C        CWE-125, Out-of-bounds Read
ARR00-C        CWE-129, Unchecked Array Indexing
ARR01-C        CWE-467, Use of sizeof() on a Pointer Type
ARR02-C        CWE-665, Incorrect or Incomplete Initialization
               CWE-259, Use of Hard-Coded Password
MSC41-C        CWE-798, Use of Hard-Coded Credentials
API00-C        CWE-476
API07-C        CWE-192
API07-C        CWE-227
API07-C        CWE-590
API07-C        CWE-686
API07-C        CWE-704
API07-C        CWE-761
API07-C        CWE-762
API07-C        CWE-843
ARR01-C        CWE-569
ARR01-C        CWE-783
CON05-C        CWE-557
CON05-C        CWE-662
CON06-C        CWE-667, Improper Locking
CON07-C        CWE-366, Race Condition within a Thread
CON07-C        CWE-413, Improper Resource Locking
CON07-C        CWE-567, Unsynchronized Access to Shared Data in a Multithreaded Context
CON07-C        CWE-667, Improper Locking
CON08-C        CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition")
CON08-C        CWE-366, Race Condition within a Thread
CON08-C        CWE-662, Improper Synchronization
DCL06-C        CWE-547, Use of Hard-coded, Security-relevant Constants
DCL10-C        CWE-628, Function Call with Incorrectly Specified Arguments
ENV01-C        CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
ENV01-C        CWE-123, Write-what-where Condition
ENV01-C        CWE-125, Out-of-bounds Read
ENV02-C        CWE-462, Duplicate Key in Associative List (Alist)
ENV02-C        CWE-807, Reliance on Untrusted Inputs in a Security Decision
ENV03-C        CWE-78, Failure to Sanitize Data into an OS Command (aka "OS Command Injection")
ENV03-C        CWE-88, Argument Injection or Modification
ENV03-C        CWE-426, Untrusted Search Path
ENV03-C        CWE-471, Modification of Assumed-Immutable Data (MAID)
ENV03-C        CWE-807, Reliance on Untrusted Inputs in a Security Decision
ERR00-C        CWE-391, Unchecked Error Condition
ERR00-C        CWE-544, Missing Standardized Error Handling Mechanism
ERR04-C        CWE-705, Incorrect Control Flow Scoping
ERR07-C        CWE-20, Improper Input Validation
ERR07-C        CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ERR07-C        CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ERR07-C        CWE-91, XML Injection (aka Blind XPath Injection)
ERR07-C        CWE-94, Improper Control of Generation of Code ('Code Injection')
ERR07-C        CWE-114, Process Control
ERR07-C        CWE-601, URL Redirection to Untrusted Site ('Open Redirect')
ERR07-C        CWE-676, Use of Potentially Dangerous Function
EXP02-C        CWE-768, Incorrect Short Circuit Evaluation
EXP05-C        CWE-704, Incorrect Type Conversion or Cast
EXP08-C        CWE-468, Incorrect Pointer Scaling
EXP09-C        CWE-805, Buffer Access with Incorrect Length Value
EXP12-C        CWE-754, Improper Check for Unusual or Exceptional Conditions
EXP15-C        CWE-480, Use of Incorrect Operator
EXP16-C        CWE-480, Use of Incorrect Operator
EXP16-C        CWE-482, Comparing Instead of Assigning
FIO01-C        CWE-73, External Control of File Name or Path
FIO01-C        CWE-367, Time-of-check, Time-of-use Race Condition
FIO01-C        CWE-676, Use of Potentially Dangerous Function
FIO02-C        CWE-22, Path Traversal
FIO02-C        CWE-23, Relative Path Traversal
FIO02-C        CWE-28, Path Traversal: '..\filedir'
FIO02-C        CWE-40, Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
FIO02-C        CWE-41, Failure to Resolve Path Equivalence
FIO02-C        CWE-59, Failure to Resolve Links Before File Access (aka "Link Following")
FIO02-C        CWE-73, External Control of File Name or Path
FIO05-C        CWE-37, Path Issue—Slash Absolute Path
FIO05-C        CWE-38, Path Issue—Backslash Absolute Path
FIO05-C        CWE-39, Path Issue—Drive Letter or Windows Volume
FIO05-C        CWE-62, UNIX Hard Link
FIO05-C        CWE-64, Windows Shortcut Following (.LNK)
FIO05-C        CWE-65, Windows Hard Link
FIO06-C        CWE-276, Insecure Default Permissions
FIO06-C        CWE-279, Insecure Execution-assigned Permissions
FIO06-C        CWE-732, Incorrect Permission Assignment for Critical Resource
FIO15-C        CWE-379, Creation of Temporary File in Directory with Insecure Permissions
FIO15-C        CWE-552, Files or Directories Accessible to External Parties
FIO21-C        CWE-379, Creation of Temporary File in Directory with Insecure Permissions
FIO22-C        CWE-403, UNIX File Descriptor Leak
FIO22-C        CWE-404, Improper Resource Shutdown or Release
FIO22-C        CWE-770, Allocation of Resources Without Limits or Throttling
FIO24-C        CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition")
FIO24-C        CWE-675, Duplicate Operations on Resource
FLP03-C        CWE-369, Divide By Zero
FLP06-C        CWE-681, Incorrect Conversion between Numeric Types
FLP06-C        CWE-682, Incorrect Calculation
INT02-C        CWE-192, Integer Coercion Error
INT02-C        CWE-197, Numeric Truncation Error
INT05-C        CWE-192, Integer Coercion Error
INT05-C        CWE-197, Numeric Truncation Error
INT07-C        CWE-682, Incorrect Calculation
INT10-C        CWE-682, Incorrect Calculation
INT10-C        CWE-129, Unchecked Array Indexing
INT13-C        CWE-682, Incorrect Calculation
INT15-C        CWE-681, Incorrect Conversion between Numeric Types
INT18-C        CWE-681, Incorrect Conversion between Numeric Types
INT18-C        CWE-190, Integer Overflow (Wrap or Wraparound)
MEM00-C        CWE-415, Double Free
MEM00-C        CWE-416, Use After Free
MEM01-C        CWE-415, Double Free
MEM01-C        CWE-416, Use After Free
MEM03-C        CWE-226, Sensitive Information Uncleared Before Release
MEM03-C        CWE-244, Failure to Clear Heap Memory Before Release ("Heap Inspection")
MEM04-C        CWE-687, Function Call with Incorrectly Specified Argument Value
MEM06-C        CWE-591, Sensitive Data Storage in Improperly Locked Memory
MEM06-C        CWE-528, Information Leak Through Core Dump Files
MEM07-C        CWE-190, Integer Overflow (Wrap or Wraparound)
MEM07-C        CWE-128, Wrap-around Error
MEM10-C        CWE-20, Improper Input Validation
MEM10-C        CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
MEM10-C        CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
MEM10-C        CWE-91, XML Injection (aka Blind XPath Injection)
MEM10-C        CWE-94, Improper Control of Generation of Code ('Code Injection')
MEM10-C        CWE-114, Process Control
MEM10-C        CWE-601, URL Redirection to Untrusted Site ('Open Redirect')
MEM11-C        CWE-770, Allocation of Resources Without Limits or Throttling
MSC00-C        CWE-563, Unused Variable
MSC00-C        CWE-570, Expression is Always False
MSC00-C        CWE-571, Expression is Always True
MSC06-C        CWE-14, Compiler Removal of Code to Clear Buffers
MSC07-C        CWE-561, Dead Code
MSC09-C        CWE-116, Improper Encoding or Escaping of Output
MSC10-C        CWE-176, Failure to Handle Unicode Encoding
MSC10-C        CWE-116, Improper Encoding or Escaping of Output
MSC11-C        CWE-190, Reachable Assertion
MSC18-C        CWE-259, Use of Hard-coded Password
MSC18-C        CWE-261, Weak Cryptography for Passwords
MSC18-C        CWE-311, Missing Encryption of Sensitive Data
MSC18-C        CWE-319, Cleartext Transmission of Sensitive Information
MSC18-C        CWE-321, Use of Hard-coded Cryptographic Key
MSC18-C        CWE-326, Inadequate Encryption Strength
MSC18-C        CWE-798, Use of Hard-coded Credentials
MSC24-C        CWE-20, Insufficient Input Validation
MSC24-C        CWE-73, External Control of File Name or Path
MSC24-C        CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
MSC24-C        CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
MSC24-C        CWE-91, XML Injection (aka Blind XPath Injection)
MSC24-C        CWE-94, Improper Control of Generation of Code ('Code Injection')
MSC24-C        CWE-114, Process Control
MSC24-C        CWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
MSC24-C        CWE-192, Integer Coercion Error
MSC24-C        CWE-197, Numeric Truncation Error
MSC24-C        CWE-367, Time-of-check, Time-of-use Race Condition
MSC24-C        CWE-464, Addition of Data Structure Sentinel
MSC24-C        CWE-601, URL Redirection to Untrusted Site ('Open Redirect')
MSC24-C        CWE-676, Use of Potentially Dangerous Function
POS01-C        CWE-59, Failure to Resolve Links Before File Access (aka "Link Following")
POS01-C        CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition')
POS01-C        CWE-367, Time-of-check, Time-of-use (TOCTOU) Race Condition
POS02-C        CWE-250, Execution with Unnecessary Privileges
POS02-C        CWE-272, Least Privilege Violation
PRE09-C        CWE-684, Failure to Provide Specified Functionality
SIG00-C        CWE-662, Insufficient Synchronization
STR02-C        CWE-88, Argument Injection or Modification
STR02-C        CWE-78, Failure to Sanitize Data into an OS Command (aka "OS Command Injection")
STR03-C        CWE-170, Improper Null Termination
STR03-C        CWE-464, Addition of Data Structure Sentinel
STR06-C        CWE-464, Addition of Data Structure Sentinel
WIN02-C        CWE-250, Execution with Unnecessary Privileges
WIN02-C        CWE-272, Least Privilege Violation
WIN04-C        CWE-311, Missing Encryption of Sensitive Data
WIN04-C        CWE-319, Cleartext Transmission of Sensitive Information