View, compare, or restore historical versions of this page. Older versions may be automatically deleted based on rules set by your administrator.

  Version Published Changed By Comment Actions
CURRENT (v. 246) Nov 07, 2024 09:35 Caden Milne Updated references from C11->C23  
v. 245 May 19, 2023 09:03 David Svoboda prevent integer wrapping
v. 244 Apr 20, 2023 05:20 Jill Britton
v. 243 Jan 19, 2023 09:06 Jill Britton
v. 242 Jan 18, 2023 11:47 Jill Britton
v. 241 Oct 27, 2022 16:54 David Svoboda
v. 240 Oct 13, 2022 08:14 David Svoboda
v. 239 Oct 03, 2022 10:26 Jill Britton
v. 238 Oct 03, 2022 09:49 Jill Britton
v. 237 Sep 26, 2022 16:16 Anirban Gangopadhyay
v. 236 Apr 27, 2022 07:52 Jill Britton
v. 235 Nov 30, 2021 11:40 Jill Britton
v. 234 Sep 07, 2021 09:23 David Svoboda
v. 233 Jun 24, 2021 08:22 Svyatoslav Razmyslov
v. 232 Apr 23, 2021 04:05 Jill Britton
v. 231 Apr 20, 2021 12:08 Jill Britton
v. 230 Apr 20, 2021 11:06 Jill Britton
v. 229 Apr 20, 2021 05:35 Jill Britton
v. 228 Mar 03, 2021 14:02 Kris Kafka Added PC-lint Plus to Automated Detection Table
v. 227 Jan 27, 2021 08:35 David Svoboda
v. 226 Jan 27, 2021 08:34 David Svoboda Added Sudo vul
v. 225 Jan 27, 2021 08:32 David Svoboda
v. 224 Dec 02, 2019 11:13 Dario Necco
v. 223 Dec 02, 2019 05:37 Dario Necco
v. 222 Nov 29, 2019 10:08 Dario Necco
v. 221 Aug 30, 2019 15:03 Anirban Gangopadhyay
v. 220 Aug 30, 2019 15:03 Anirban Gangopadhyay
v. 219 Aug 23, 2019 03:34 Joerg Herter
v. 218 Jul 31, 2019 12:12 Jakub Zwolakowski Added TrustInSoft Analyzer to the Automated Detection table.
v. 217 Jul 09, 2019 16:37 Jon O'Donnell
v. 216 Jul 09, 2019 13:39 Jon O'Donnell
v. 215 Dec 14, 2018 07:01 Jill Britton
v. 214 Dec 07, 2018 11:47 Jill Britton
v. 213 Oct 18, 2018 23:07 Unknown User (lflynn) fixed mapping notes
v. 212 Sep 11, 2018 12:53 Aleksandr Karbyshev
v. 211 Sep 11, 2018 12:52 Aleksandr Karbyshev
v. 210 Aug 06, 2018 04:28 Michal Rozenau Parasoft C/C++test 10.4
v. 209 Jul 30, 2018 15:43 Anirban Gangopadhyay
v. 208 Mar 27, 2018 05:39 Svyatoslav Razmyslov
v. 207 Mar 12, 2018 17:29 Arthur Hicken updated parasoft
v. 206 Mar 12, 2018 05:15 Svyatoslav Razmyslov
v. 205 Mar 12, 2018 05:11 Svyatoslav Razmyslov
v. 204 Mar 12, 2018 02:24 Svyatoslav Razmyslov
v. 203 Feb 13, 2018 16:42 Arthur Hicken updated parasoft
v. 202 Feb 12, 2018 21:54 Will Snavely
v. 201 Feb 12, 2018 14:13 Arthur Hicken update parasoft
v. 200 Jan 12, 2018 19:15 Unknown User (lflynn)
v. 199 Nov 16, 2017 14:40 Will Snavely
v. 198 Sep 04, 2017 04:22 Joerg Herter
v. 197 Aug 16, 2017 09:59 Will Snavely
v. 196 Aug 14, 2017 03:43 Nelson Tam
v. 195 Aug 10, 2017 10:04 Jill Britton
v. 194 May 22, 2017 07:49 Jill Britton
v. 193 May 19, 2017 10:48 Will Snavely
v. 192 May 19, 2017 05:45 Jill Britton
v. 191 May 18, 2017 10:51 Jill Britton
v. 190 May 18, 2017 09:53 Lisa Robertson
v. 189 Feb 23, 2017 12:35 Lisa Robertson
v. 188 Feb 17, 2017 11:09 Lisa Robertson
v. 187 Oct 25, 2016 11:06 Will Snavely
v. 186 Jul 28, 2016 12:27 Sandy Shrum
v. 185 May 13, 2016 12:36 Ram Cherukuri
v. 184 May 04, 2016 14:12 Ram Cherukuri
v. 183 Feb 10, 2016 12:28 Will Snavely
v. 182 Feb 10, 2016 12:26 Will Snavely
v. 181 Feb 05, 2016 18:31 Will Snavely
v. 180 Oct 26, 2015 19:55 Arthur Hicken added parasoft
v. 179 Oct 26, 2015 13:33 Sandy Shrum
v. 178 Aug 03, 2015 07:52 Liz Whiting
v. 177 Jul 21, 2015 13:09 Carol J. Lallier
v. 176 Mar 31, 2015 23:41 Will Snavely
v. 175 Mar 30, 2015 16:34 Will Snavely
v. 174 Jan 22, 2015 10:41 Robert Seacord (Manager)
v. 173 Jan 22, 2015 10:22 Robert Seacord (Manager) updated off-by-one error
v. 172 Jan 22, 2015 09:59 Robert Seacord (Manager) Reverted from v. 170
v. 171 Jan 19, 2015 11:46 Robert Seacord off by one errors in our off by one error examples
v. 170 Sep 08, 2014 13:05 Aaron Ballman
v. 169 Aug 04, 2014 16:49 Jill Britton
v. 168 Jul 31, 2014 11:22 Amy Gale Added CodeSonar entry to Automated Detection section
v. 167 Apr 16, 2014 09:07 Carol J. Lallier
v. 166 Apr 16, 2014 09:06 Carol J. Lallier
v. 165 Apr 16, 2014 08:56 Carol J. Lallier
v. 164 Jan 17, 2014 10:19 Carol J. Lallier
v. 163 Dec 05, 2013 13:45 Aaron Ballman Fixing formatting
v. 162 Dec 05, 2013 12:30 John Benito example cleanup
v. 161 Dec 03, 2013 17:28 Carol J. Lallier
v. 160 Dec 01, 2013 10:24 David Svoboda
v. 159 Dec 01, 2013 09:35 David Svoboda refinement of intro text
v. 158 Dec 01, 2013 08:17 Robert Seacord (Manager) referenced MEM35-C and moved related vulnerability from there to here
v. 157 Nov 30, 2013 10:59 Aaron Ballman Minor edits; reviewed
v. 156 Nov 30, 2013 09:41 David Svoboda wordsmithing
v. 155 Nov 30, 2013 08:21 Robert Seacord (Manager) minor edits; reviewed
v. 154 Nov 27, 2013 17:07 Robert Seacord (Manager) made a bunch of edits and also deleted an extraneous code example; this rule appears to need work.
v. 153 Nov 27, 2013 15:14 David Svoboda some FIO34-C-related changes
v. 152 Nov 25, 2013 17:08 Aaron Ballman
v. 151 Nov 25, 2013 16:49 David Svoboda added scanf NCCE/CS pair
v. 150 Nov 24, 2013 09:20 Robert Seacord (Manager)
v. 149 Nov 23, 2013 18:18 David Svoboda ate STR35-C
v. 148 Nov 21, 2013 13:41 David Svoboda xref ARR30 & ARR38
v. 147 Oct 12, 2013 14:43 Carol J. Lallier Migrated to Confluence 5.3
v. 146 Oct 12, 2013 14:43 Carol J. Lallier
v. 145 Oct 09, 2013 10:01 Aaron Ballman Minor edits; reviewed
v. 144 Oct 01, 2013 06:55 Carol J. Lallier
v. 143 Sep 28, 2013 13:37 Aaron Ballman
v. 142 Sep 17, 2013 15:10 Aaron Ballman Removed the memcpy CS, updated CSs to properly check argc; reviewed
v. 141 Jun 24, 2013 10:24 Carol J. Lallier
v. 140 Mar 12, 2013 10:58 Carol J. Lallier
v. 139 Mar 10, 2013 19:12 Carol J. Lallier
v. 138 Mar 10, 2013 17:00 Carol J. Lallier
v. 137 Mar 08, 2013 16:05 Sujay Jain
v. 136 Feb 26, 2013 15:07 Carol J. Lallier
v. 135 Feb 26, 2013 09:17 Carol J. Lallier
v. 134 Feb 26, 2013 09:15 Carol J. Lallier
v. 133 Nov 16, 2012 11:48 Jill Britton
v. 132 Nov 08, 2012 17:35 Pranjal Jumde
v. 131 Nov 08, 2012 10:42 Jill Britton
v. 130 Jun 14, 2012 09:52 Carol J. Lallier
v. 129 Jun 06, 2012 09:25 Carol J. Lallier
v. 128 May 25, 2012 08:04 Carol J. Lallier
v. 127 May 08, 2012 13:49 Astha Singhal
v. 126 Nov 28, 2011 11:39 Robert Seacord Migrated to Confluence 4.0
v. 125 Nov 28, 2011 11:39 Robert Seacord
v. 124 Nov 28, 2011 11:17 Robert Seacord
v. 123 Aug 10, 2011 10:59 Robert Seacord (Manager)
v. 122 Aug 10, 2011 08:09 Robert Seacord (Manager)
v. 121 Aug 08, 2011 15:57 Robert Seacord
v. 120 Jul 18, 2011 10:23 Shannon Haas
v. 119 Jul 08, 2011 09:35 Andrew Keeton String -> NTBS (Reverted from v. 115)
v. 118 Jul 07, 2011 16:11 Andrew Keeton NTBS -> str
v. 117 Jul 07, 2011 15:28 Andrew Keeton
v. 116 Jul 07, 2011 15:25 Andrew Keeton
v. 115 Jul 21, 2010 11:35 Melanie Thompson
v. 114 Jul 08, 2010 10:21 Melanie Thompson
v. 113 Jun 22, 2010 15:31 David Svoboda Edited by NavBot (vkp) v1.0
v. 112 Jun 22, 2010 15:08 David Svoboda Avoided assuming argv[0] is non-null.
v. 111 Apr 23, 2010 18:23 Martin Sebor Avoided assuming argv[0] is non-null.
v. 110 Mar 03, 2010 17:26 Alen Zukich
v. 109 Feb 18, 2010 22:59 Martin Sebor Referenced the latest CWE instead of an old draft.
v. 108 Feb 18, 2010 21:28 Martin Sebor Added CWE-129 to References.
v. 107 Feb 08, 2010 11:21 Robert Seacord (Manager) changed xorl link
v. 106 Jun 16, 2009 14:01 Ankur Goyal changed xorl link
v. 105 Jun 12, 2009 10:09 Ankur Goyal added quotes around the referenced name of xorl article
v. 104 Jun 12, 2009 09:53 Ankur Goyal changed xorl 2009 to 2009-1252 to make it more specific
v. 103 Jun 11, 2009 13:12 Ankur Goyal Further wording improvements on Related Vulnerabilities section
v. 102 Jun 11, 2009 11:14 Ankur Goyal wording fix
v. 101 Jun 11, 2009 11:14 Ankur Goyal wording fix on related vul 1
v. 100 Jun 11, 2009 11:10 Ankur Goyal fixed xorl 2009 link
v. 99 Jun 11, 2009 11:04 Ankur Goyal changed wording of related vulnerabilities
v. 98 Jun 11, 2009 10:31 Ankur Goyal Added a related vulnerability (number 1)
v. 97 Nov 19, 2008 15:33 David Svoboda Edited by NavBot (jp)
v. 96 Nov 19, 2008 13:55 Justin Pincar Edited by NavBot (jp)
v. 95 Oct 23, 2008 15:15 Gina DeCola
v. 94 Aug 22, 2008 13:32 David Svoboda Added sprintf NCCE/CCE
v. 93 Aug 13, 2008 10:05 Justin Pincar
v. 92 Jul 25, 2008 20:50 Steve Christey
v. 91 Jul 22, 2008 11:06 Justin Pincar
v. 90 Jul 21, 2008 16:34 Justin Pincar
v. 89 Jul 21, 2008 10:53 Justin Pincar
v. 88 Jul 16, 2008 13:13 Justin Pincar Edited by sciSpider v2.4 (sch jbop) (X_X)@==(Q_Q)@
v. 87 Jul 16, 2008 13:12 Justin Pincar
v. 86 Jul 16, 2008 13:12 Justin Pincar
v. 85 Jul 14, 2008 13:31 Alex Volkovitsky
v. 84 Jul 03, 2008 11:22 Justin Pincar
v. 83 Jul 03, 2008 11:19 Justin Pincar
v. 82 Jul 03, 2008 11:06 Justin Pincar
v. 81 Jun 23, 2008 15:08 Alex Volkovitsky
v. 80 Jun 20, 2008 16:09 Alex Volkovitsky
v. 79 Jun 09, 2008 11:42 Alex Volkovitsky
v. 78 Jun 09, 2008 10:29 Justin Pincar Edited by sciSpider v2.1 (sch jbop) (X_X)@==(Q_Q)@
v. 77 Jun 05, 2008 15:35 Alex Volkovitsky
v. 76 May 30, 2008 21:37 Robert Seacord (Manager) made the NCCE and CS for getenv closer
v. 75 May 30, 2008 21:15 Robert Seacord (Manager) program
v. 74 May 30, 2008 21:05 Robert Seacord (Manager)
v. 73 May 28, 2008 14:18 Justin Pincar Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@
v. 72 May 14, 2008 17:40 Robert Seacord
v. 71 May 05, 2008 10:39 David Svoboda
v. 70 May 05, 2008 10:38 David Svoboda
v. 69 Apr 10, 2008 13:21 cjohns
v. 68 Apr 10, 2008 10:58 Ed Desautels Consider replacing "Guarantee" with "Ensure" in title. Also, in the third para under "Non-Compliant ... TOCTOU)," consider killing "Effectively" at beginning of sentence.
v. 67 Apr 07, 2008 14:58 cjohns
v. 66 Apr 03, 2008 13:58 cjohns
v. 65 Mar 30, 2008 21:36 David Keaton
v. 64 Mar 27, 2008 15:21 David Svoboda Merged individual example files into one big happy rule file
v. 63 Mar 27, 2008 14:01 David Svoboda
v. 62 Mar 27, 2008 13:46 David Svoboda
v. 61 Feb 06, 2008 13:11 cjohns
v. 60 Feb 06, 2008 12:15 cjohns
v. 59 Feb 06, 2008 12:07 cjohns
v. 58 Jan 31, 2008 10:06 Lee Mancuso
v. 57 Dec 07, 2007 16:04 Robert Seacord
v. 56 Dec 07, 2007 16:03 Robert Seacord Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@
v. 55 Oct 23, 2007 15:53 Justin Pincar Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@
v. 54 Jun 22, 2007 10:29 Justin Pincar Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@
v. 53 Jun 01, 2007 09:57 Justin Pincar
v. 52 May 20, 2007 10:27 Robert Seacord
v. 51 Mar 19, 2007 11:24 Osona Steave
v. 50 Mar 16, 2007 12:57 Osona Steave
v. 49 Mar 12, 2007 11:49 Pamela Curtis
v. 48 Mar 08, 2007 14:51 Jeffrey Gennari
v. 47 Mar 08, 2007 14:27 Jeffrey Gennari
v. 46 Mar 08, 2007 14:16 Jeffrey Gennari
v. 45 Mar 08, 2007 14:12 Jeffrey Gennari
v. 44 Mar 08, 2007 13:17 Jeffrey Gennari
v. 43 Mar 08, 2007 12:52 Jeffrey Gennari
v. 42 Mar 08, 2007 12:39 Jeffrey Gennari
v. 41 Mar 08, 2007 12:39 Jeffrey Gennari
v. 40 Mar 08, 2007 12:37 Jeffrey Gennari
v. 39 Mar 08, 2007 12:37 Jeffrey Gennari
v. 38 Mar 08, 2007 12:36 Jeffrey Gennari
v. 37 Mar 08, 2007 11:50 Jeffrey Gennari
v. 36 Mar 08, 2007 10:50 Jeffrey Gennari
v. 35 Mar 08, 2007 10:32 Jeffrey Gennari
v. 34 Mar 08, 2007 10:31 Jeffrey Gennari
v. 33 Mar 08, 2007 10:27 Jeffrey Gennari
v. 32 Feb 22, 2007 14:57 Osona Steave
v. 31 Feb 22, 2007 07:45 Jeffrey Gennari
v. 30 Feb 22, 2007 07:42 Jeffrey Gennari
v. 29 Feb 22, 2007 07:40 Jeffrey Gennari
v. 28 Feb 22, 2007 07:39 Jeffrey Gennari
v. 27 Feb 21, 2007 15:49 Jeffrey Gennari
v. 26 Feb 21, 2007 15:48 Jeffrey Gennari
v. 25 Feb 21, 2007 15:47 Jeffrey Gennari
v. 24 Feb 21, 2007 15:45 Jeffrey Gennari
v. 23 Feb 21, 2007 07:47 Jeffrey Gennari
v. 22 Feb 15, 2007 11:32 Jeffrey Gennari
v. 21 Feb 15, 2007 11:31 Jeffrey Gennari
v. 20 Feb 15, 2007 11:14 Jeffrey Gennari
v. 19 Feb 15, 2007 09:49 Jeffrey Gennari
v. 18 Feb 09, 2007 09:53 Jeffrey Gennari
v. 17 Feb 08, 2007 09:38 Jeffrey Gennari
v. 16 Feb 08, 2007 09:36 Jeffrey Gennari
v. 15 Feb 08, 2007 09:33 Jeffrey Gennari
v. 14 Feb 02, 2007 15:00 Jeffrey Gennari
v. 13 Nov 08, 2006 14:23 Jodi Blake
v. 12 Sep 16, 2006 13:24 Robert Seacord
v. 11 Sep 16, 2006 12:17 Robert Seacord
v. 10 Sep 16, 2006 12:05 Robert Seacord
v. 9 Sep 15, 2006 22:38 Robert Seacord
v. 8 Sep 01, 2006 01:41 Robert Seacord
v. 7 Aug 30, 2006 16:13 Pamela Curtis
v. 6 Aug 25, 2006 11:07 Admin
v. 5 Aug 24, 2006 14:52 Pamela Curtis
v. 4 Jul 25, 2006 15:20 Admin
v. 3 Jul 25, 2006 15:09 Admin
v. 2 Jun 19, 2006 21:47 Robert C. Seacord
v. 1 May 24, 2006 17:42 Admin

Return to Page Information