CINXE.COM

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <?xml version="1.0"?> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="description" content="Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses." /> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <link rel="shortcut icon" href="/favicon.ico" /> <link href="/css/main.css?version=4.16.111924" rel="stylesheet" type="text/css" /> <link href="/css/custom.css" rel="stylesheet" type="text/css" />  <script src="/includes/custom_filter.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/browserheight.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/jquery.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/cwe_minimizer.js?version=4.12.062923" language="JavaScript" type="text/javascript"></script> <script src="/includes/cookie.js?version=4.12.062923" language="Javascript" type="text/javascript"></script> <script src="/includes/includeglossarydef.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/custom.js" language="JavaScript" type="text/javascript"></script> <script src=https://cmp.osano.com/AzyhULTdPkqmy4aDN/318aa814-0420-45bb-857d-8fb5fac33ff8/osano.js></script> <link href="/css/print.css?version=1.11" rel="stylesheet" media="print" type="text/css" /> <link href="/css/mappingonly.css" rel="stylesheet" type="text/css" /> <noscript> <style type="text/css"> #script { visibility:collapse; visibility:hidden; font-size:0px; height:0px; width:0px } #noscript { visibility:visible; font-size:inherit; height:inherit; width:inherit} </style> </noscript> <title>CWE - CWE Most Important Hardware Weaknesses</title> </head> <body onload="onloadCookie()"> <a name="top" id="top"></a> <div id="MastHead" style="width:100%"> <div style="width:60%;float:left;padding-top:15px;padding-left:10px;padding-bottom:2px;"> <a href="/index.html" style="color:#32498D; text-decoration:none"> <img src="/images/cwe_logo.jpg" width="153" height="55" style="float:left;border:0;margin-right:6px" alt="CWE" /> <h1 style="color:#314a8d;font-size:1.5em;font-family:'Verdana',sans-serif;#eee;margin: .1em auto">Common Weakness Enumeration</h1> <p style="color:#314a8d;font-family:'Times New Roman';font-style:italic;font-size:1em;#eee;margin:.1em auto 0 auto">A community-developed list of SW & HW weaknesses that can become vulnerabilities</p> </a> </div> <div style="float:right;padding-top:0px;text-align:right;padding-left:8px;padding-right:4px;padding-bottom:0px;"><a href="/about/new_to_cwe.html" title="New to CWE click here logo"><img src="/images/new_to_cwe/new_to_cwe_click_here.png" height="90" border="0" alt="New to CWE? click here!" style="text-align:center"/></a></div> <div style="float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:4px;padding-bottom:0px;"><a href="/scoring/lists/2021_CWE_MIHW.html" title="CWE Most Important Hardware Weaknesses"> <img src="/images/mihw_logo.svg" width="90" border="0" alt="CWE Most Important Hardware Weaknesses" style="vertical-align:bottom"/></a></div> <div style="float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:4px;padding-bottom:0px;"><a href="/top25/" title="CWE Top 25"><img src="/images/cwe_top_25_logo_simple.svg" width="90" border="0" alt="CWE Top 25 Most Dangerous Weaknesses" style="vertical-align:bottom"/></a></div> </div> <div id="HeaderBar" class="noprint"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="100%" align="left" style="padding-left:10px; font-size:75%;"> <a href="/" >Home</a> > Most Important Hardware Weaknesses (2021)   </td> <td align="right" nowrap="nowrap" style="padding-right:12px">  <div class="noprint"> <form action="/cgi-bin/jumpmenu.cgi" align="right" style="padding:0px; margin:0px"> ID <label for="id" style="padding-right:5px">Lookup:</label> <input id="id" name="id" type="text" style="width:50px; font-size:80%" maxlength="10" /> <input value="Go" style="padding: 0px; font-size:80%" type="submit"> </form> </div>  </td> </tr> </table> </div>  <div class="yesprint"> <hr width="100%" size="1" style="clear:both" color="#000000" /> </div> <div class="topnav"> <ul> <li><a href="/index.html">Home</a></li> <li> <div class="dropdown"> <a href="/about/index.html"><button class="dropbtn">About</button> ▼</a> <div class="dropdown-content"> <a href="/about/index.html">About</a> <a href="/about/new_to_cwe.html">New to CWE</a> <a href="/about/user_stories.html">User Stories</a> <a href="/about/cwe_videos.html">Videos</a> <a href="/about/history.html">History</a> <a href="/about/documents.html">Documents</a> <a href="/about/faq.html">FAQs</a> <a href="/documents/glossary/index.html">Glossary</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/data/index.html"><button class="dropbtn">CWE List</button> ▼</a> <div class="dropdown-content"> <a href="/data/index.html">Latest Version</a> <a href="/data/downloads.html">Downloads</a> <a href="https://github.com/CWE-CAPEC/REST-API-wg/blob/main/Quick%20Start.md" target="_blank" rel="noopener noreferrer">REST API</a> <a href="/data/reports.html">Reports</a> <a href="/data/pdfs.html">Visualizations</a> <a href="/data/archive.html">Archive</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/documents/cwe_usage/guidance.html"><button class="dropbtn">Mapping</button> ▼</a> <div class="dropdown-content"> <a href="/documents/cwe_usage/guidance.html">Root Cause Mapping Guidance</a> <a href="/documents/cwe_usage/quick_tips.html">Root Cause Mapping Quick Tips</a> <a href="/documents/cwe_usage/mapping_examples.html">Root Cause Mapping Examples</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/scoring/index.html#top_n_lists"><button class="dropbtn">Top-N Lists</button> ▼</a> <div class="dropdown-content"> <a href="/top25/">Top 25 Software</a> <a href="/scoring/lists/2021_CWE_MIHW.html">Top Hardware</a> <a href="/top25/archive/2023/2023_kev_list.html">Top 10 KEV Weaknesses</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/community/index.html"><button class="dropbtn">Community</button> ▼</a> <div class="dropdown-content"> <a href="/community/index.html">Community</a> <a href="/community/working_groups.html">Working Groups & Special Interest Groups</a> <a href="/community/board.html">Board</a> <a href="/community/board.html#boardarchives">Board Meeting Minutes</a> <a href="/community/registration.html">CWE Discussion List</a> <a target="_blank" href="https://www.mail-archive.com/cwe-research-list@mitre.org/">CWE Discussion Archives</a> <a href="/community/submissions/overview.html">Contribute Weakness Content to CWE</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/news/"><button class="dropbtn">News</button> ▼</a> <div class="dropdown-content"> <a href="/news/">Current News</a> <a href="https://x.com/CweCapec" target="_blank" rel="noopener noreferrer">X-Twitter <img src="/images/x-logo-black.png" width="12" height="12" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" title="X-Twitter"></a> <a href="https://mastodon.social/@CWE_Program" target="_blank" rel="noopener noreferrer">Mastodon <img src="/images/mastodon-logo.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" title="X (formerly Twitter)"></a> <a href="https://www.linkedin.com/showcase/cve-cwe-capec" target="_blank" rel="noopener noreferrer">LinkedIn <img src="/images/linkedin_sm.jpg" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" title="LinkedIn"></a> <a href="https://www.youtube.com/channel/UCpY9VIpRmFK4ebD6orssifA" target="_blank" rel="noopener noreferrer">YouTube <img src="/images/youtube.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="YouTube"></a> <a href="/news/podcast.html">Podcast <img src="/images/out_of_bounds_read_logo.png" width="16" height="16" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="Out of Bounds Read Podcast"></a> <a href="https://medium.com/@CWE_CAPEC" target="_blank" rel="noopener noreferrer">Medium <img src="/images/medium_sm.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="Medium"></a> <a href="/news/archives/index.html">News Archive</a> </div> </li> <li style="border-color:#aaaaaa"><a href="/find/index.html">Search</a></li> </ul> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0" id="MainPane"> <tr>  <td valign="top" rowspan="2" id="LeftPane">  <script type="text/javascript">browserheight();</script> </td>  <td style="height:1px"></td>  <td valign="top" align="center" rowspan="2" nowrap="nowrap" id="RightPane"> </td>  </tr> <tr>  <td valign="top" width="100%" id="Contentpane">  <div id="styled_popup" name="styled_popup" style="display:none; position:fixed; top:300; height:auto; width:300px; z-index:1000"> <table width="300" cellpadding="0" cellspacing="0" border="0" style="border:1px solid #32498D;"> <tr style="background-color:#32498D; color:#ffffff;"> <td width="100%" style="padding:1px 5px 1px 5px; border-bottom:1px solid #000000"><div width="100%" style="font-weight:bold;">CWE Glossary Definition</div></td> <td nowrap="nowrap" style="padding:1px; border-bottom:1px solid #000000" valign="top"><a href="javascript:styledPopupClose();"><img src="/images/layout/close.gif" border="0" alt="x"></a></td> </tr> <tr><td colspan="2" style="background: url(/images/layout/ylgradient.jpg); background-repeat: repeat-x repeat-y; padding:5px; background-color:#FFFFCC; " valign="top"> <div id="output" style="max-height:400px; overflow-y:auto"></div> </td></tr> </table> </div> <div class="mihwpage"> <h2 class="header">2021 CWE Most Important Hardware Weaknesses</h2>  <div class="top"> <div id="PageContents"> <a href="#list">CWE HW List</a> | <a href="#methodology">Methodology</a> | <a href="#on_the_cusp">On the Cusp</a> | <a href="#limitations">Limitations</a> | <a href="#acknowledgments">Acknowledgments</a> </div> </div>  <p class="tablehead" id="introduction">Introduction</p> <div style="float:left;padding-top:8px;text-align:right;padding-right:10px;padding-bottom:8px;"><img src="/images/mihw_2021.png" width="200" border="0" alt="CWE Most Important Hardware Weaknesses (2021)" style="vertical-align:bottom"></div> <p>The 2021 CWE™ Most Important Hardware Weaknesses is the first of its kind and the result of collaboration within the <a href="/documents/HW_CWE_SIG.pdf" target="_blank" rel="noopener noreferrer">Hardware CWE Special Interest Group (SIG)</a>, a community forum for individuals representing organizations within hardware design, manufacturing, research, and security domains, as well as academia and government.</p> <p>The goals for the 2021 Hardware List are to drive awareness of common hardware weaknesses through CWE, and to prevent hardware security issues at the source by educating designers and programmers on how to eliminate important mistakes early in the product development lifecycle. Security analysts and test engineers can use the list in preparing plans for security testing and evaluation. Hardware consumers could use the list to help them to ask for more secure hardware products from their suppliers. Finally, managers and CIOs can use the list as a measuring stick of progress in their efforts to secure their hardware and ascertain where to direct resources to develop security tools or automation processes that mitigate a wide class of vulnerabilities by eliminating the underling root cause.</p> <p>MITRE maintains the CWE web site with the support of the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), presenting detailed descriptions of the 2021 Hardware List weaknesses along with authoritative guidance for mitigating and avoiding them. The CWE site contains data on more than 900 programming, design, and architecture weaknesses that can lead to exploitable vulnerabilities. MITRE also publishes the <a href="/top25/" target="_blank" rel="noopener noreferrer">CWE Top-25 Most Dangerous Software Weaknesses</a> on an annual basis.</p> <p class="tablehead" id="list">The 2021 CWE Most Important Hardware Weaknesses</p> <p>Below is a brief listing of the weaknesses in the 2021 CWE Most Important Hardware Weaknesses listed in numerical order by CWE identifier. This is an unranked list.</p> <table id="Detail" style="margin-left:auto; margin-right:auto;" border="2" cellpadding="2" cellspacing="2"> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1189.html">CWE-1189</a></td><td>Improper Isolation of Shared Resources on System-on-a-Chip (SoC)</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1191.html">CWE-1191</a></td><td>On-Chip Debug and Test Interface With Improper Access Control</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1231.html">CWE-1231</a></td><td>Improper Prevention of Lock Bit Modification</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1233.html">CWE-1233</a></td><td>Security-Sensitive Hardware Controls with Missing Lock Bit Protection</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1240.html">CWE-1240</a></td><td>Use of a Cryptographic Primitive with a Risky Implementation</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1244.html">CWE-1244</a></td><td>Internal Asset Exposed to Unsafe Debug Access Level or State</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1256.html">CWE-1256</a></td><td>Improper Restriction of Software Interfaces to Hardware Features</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1260.html">CWE-1260</a></td><td>Improper Handling of Overlap Between Protected Memory Ranges</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1272.html">CWE-1272</a></td><td>Sensitive Information Uncleared Before Debug/Power State Transition</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1274.html">CWE-1274</a></td><td>Improper Access Control for Volatile Memory Containing Boot Code</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1277.html">CWE-1277</a></td><td>Firmware Not Updateable</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1300.html">CWE-1300</a></td><td>Improper Protection of Physical Side Channels</td></tr> </table> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"><a class="backtop" href="#top">Back to top</a></div> <p class="tablehead" id="methodology">Methodology</p> <p>The initial survey effort to begin the identification of a “Top-N” list for hardware was done by members of the SIG who each chose a prioritized set of 10 weaknesses from the 96 hardware entries in the CWE corpus. This process identified a total of 31 unique entries. The HW CWE team also provided a set of questions for participants to weigh during their thinking, including those applicable to prevalence and detection metrics, mitigation metrics, exploitability metrics, and other miscellaneous metrics. From an initial set of 27 questions, the SIG members identified 9 as particularly significant in their consideration for voting on the list:</p> <ol> <li>How frequently is this weakness detected after it has been fielded? </li> <li>Does the weakness require hardware modifications to mitigate it? </li> <li>How frequently is this weakness detected during design? </li> <li>How frequently is this weakness detected during test? </li> <li>Can the weakness be mitigated once the device has been fielded? </li> <li>Is physical access required to exploit this weakness?</li> <li>Can an attack exploiting this weakness be conducted entirely via software?</li> <li>Is a single exploit against this weakness applicable to a wide range (or family) of devices?</li> <li>What methodologies do you practice for identifying and preventing both known weaknesses and new weaknesses?</li> </ol> <p>When reflecting on the 31 entries identified during the initial survey, the SIG determined that the ideal length for a published “Top-N” list should be approximately ten percent of the total hardware CWE entries – roughly 10. Accordingly, the SIG convened to hold a formal voting session to distill the previously selected 31 entries in September 2021. Using a card-sorting platform and a Likert-scale approach, each SIG member had the opportunity to transfer the 31 entries into various "buckets" of priority (via drag and drop). There were five buckets:</p> <ul> <li>Strongly Support – (for inclusion in the Top-N)</li> <li>Somewhat Support </li> <li>No Opinion</li> <li>Somewhat Oppose </li> <li>Strongly Oppose</li> </ul> <p>After the voting, the CWE team and SIG members collectively reviewed the findings and applied a scoring method where the buckets were assigned weights of +2, +1, 0, -1, and -2, respectively. For each CWE entry, these weights were multiplied against the percentage of votes in each bucket, with the percentage expressed as a value between 0 and 1. The highest possible score was 2.0 (with 100% of all votes for “Strongly Support”). The entry with the highest score had a score of 1.42. This resulted in a ranked order of the 31 previously selected hardware CWEs with a clear delineation in score after the highest 12 and the highest 17 entries. The highest 12 entries had scores from 1.03 to 1.42, and the next 5 entries ranges from 0.91 to 0.97. The next highest score was 0.80. These entries became the 2021 CWE Most Important Hardware Weaknesses List and the Hardware Weaknesses on the Cusp (see above and below). While our methodology came up with a ranking for these 12(+5) entries, the HW CWE team and the SIG believe that it is impractical to think of the list as a hierarchical, ordered set in terms of importance. The entries should be thought of as a set of mostly equal hardware weakness concerns based on our methodology.</p> <p>With these criteria, future versions of the CWE Most Important Hardware Weaknesses will evolve to cover different weaknesses. Our goal is to provide the most useful list possible for the community. Limitations of our methodology are articulated below.</p> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"><a class="backtop" href="#top">Back to top</a></div> <p class="tablehead" id="on_the_cusp">Weaknesses on the Cusp</p> <p>In a similar way to the CWE Top 25 Most Dangerous Software Weaknesses, the CWE team feels it is important to share these five additional hardware weaknesses that were supported by the Hardware CWE SIG yet ultimately scored just outside of the final 2021 CWE Most Important Hardware Weaknesses list.</p> <p>Individuals that perform mitigation and risk decision-making using the 2021 CWE Hardware List may want to consider including these additional weaknesses in their analyses. Weaknesses on the Cusp are listed in numerical order by CWE-ID.</p> <table id="Detail" style="margin-left:auto; margin-right:auto;" border="2" cellpadding="2" cellspacing="2"> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/226.html">CWE-226</a></td><td>Sensitive Information in Resource Not Removed Before Reuse</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1247.html">CWE-1247</a></td><td>Improper Protection Against Voltage and Clock Glitches</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1262.html">CWE-1262</a></td><td>Improper Access Control for Register Interface</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1331.html">CWE-1331</a></td><td>Improper Isolation of Shared Resources in Network On Chip (NoC)</td></tr> <tr><td style="text-align:center;"><a target="_blank" rel="noopener noreferrer" href="/data/definitions/1332.html">CWE-1332</a></td><td>Improper Handling of Faults that Lead to Instruction Skips</td></tr> </table> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"><a class="backtop" href="#top">Back to top</a></div> <p class="tablehead" id="limitations">Limitations of the Methodology</p> <p>The methodology used to generate the inaugural CWE Most Important Hardware Weaknesses List is limited somewhat in terms of scientific and statistical rigor. In the absence of more relevant data from which to conduct systematic inquiry, the list was compiled using a modified Delphi method leveraging subjective opinions, albeit from informed content knowledge experts. </p> <p>The software CWE Top-25 leverages CVE® data within the NIST National Vulnerability Database (NVD) for a data-driven approach that considers weakness type frequency and severity. This is not possible in the hardware domain primarily because there are limited associations of HW CWEs with CVEs due to the HW CWE's infancy. Recently, the CVE program has been working to issue CVE records for hardware vulnerabilities. While post-release hardware vulnerabilities are far less frequent than that of software, as more hardware vulnerability data is readily available, the CWE Hardware List methodology will potentially change.</p> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"><a class="backtop" href="#top">Back to top</a></div> <p class="tablehead" id="acknowledgments">Acknowledgments</p> <p>The 2021 CWE Hardware team includes (in alphabetical order by last name): John Butterworth, Steve Christey Coley, Kerry Crouse, Christina Johns, Gananand Kini, Chris Lathrop, Luke Malinowski, and Alec Summers. </p> <p>Also, tremendous thanks go to the HW CWE SIG membership, which includes at the time of publication (in alphabetical order by first name):</p> <p>Alric Althoff, Tortuga Logic<br/>Andreas Schweiger, Airbus Defense and Space<br/>Arun Kanuparthi, Intel Corporation<br/>Ashish Darbari, Axiomise<br/>Bruce Monroe, Intel Corporation<br/>Charles Timko, Red Hat<br/>Daniel DiMase, Aerocyonics<br/>Domenic Forte, University of Florida<br/>Farbod Foomany, Security Compass<br/>Hareesh Khattri, Intel Corporation<br/>James Pangburn, Cadence Design Systems<br/>Jason Fung, Intel Corporation<br/>Jason Oberg, Tortuga Logic<br/>Jasper van Woudenberg, Riscure<br/>John Bommer, Air Force Institute of Technology<br/>Kathy Herring Hayashi, Qualcomm<br/>Lang Lin, Ansys<br/>Luca Bongiorni, Bentley Systems<br/>Matthew Coles, Dell Technologies<br/>Milind R. Kulkarni, NVIDIA<br/>Mohan Lal, NVIDIA<br/>Narasimha Kumar V Mangipudi, Lattice Semiconductor<br/>Naveen Sanaka, Dell Technologies<br/>Nicole Fern, Riscure<br/>Parbati K Manna, Intel Corporation<br/>Paul Wooderson, MIRA - A Horiba Company<br/>Paul Wortman, Wells Fargo<br/>Robert van Spyk<br>Sayee Santhosh Ramesh, Intel Corporation<br/>Sohrab Aftabjahani, Intel Corporation<br/>Srinivas Naik, Intel Corporation<br/>Thomas Ford, Dell Technologies<br/></p> <p>... and many others who chose to remain anonymous.</p> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"><a class="backtop" href="#top">Back to top</a></div> </div>  <div id="More_Message_Custom" style="display:none;"> <div style="padding:15px 0px 0px 0px;color:#ff0000;font-size:95%;font-weight:bold;text-align:center;" >More information is available — Please edit the custom filter or select a different filter.</div></div> </td>  </tr> </table> <div id="FootPane" class="noprint"> <div id="footbar"> <b>Page Last Updated: </b> August 06, 2024 </div> <div class="Footer noprint"> <a name="footer" id="footer"></a> <table width="100%" cellpadding="0" cellspacing="0" border="0" class="ltgreybackground" style="clear:both"> <tr> <td colspan="3" id="line"><div class="line"> </div></td> </tr> <tr> <td valign="middle" nowrap="nowrap"> <div id="footerlinks" class="footlogo"> <a href="http://www.mitre.org" target="_blank" rel="noopener noreferrer"><img src="/images/mitre_logo.gif" height="36" border="0" alt="MITRE" title="MITRE"/></a> </div> </td> <td width="100%" valign="top" style="padding:6px 0px;"> <div id="footerlinks"> <a href="/sitemap.html">Site Map</a> | <a href="/about/termsofuse.html">Terms of Use</a> | <a href="#" onclick="Osano.cm.showDrawer('osano-cm-dom-info-dialog-open')">Manage Cookies</a> | <a href="/about/cookie_notice.html">Cookie Notice</a> | <a href="/about/privacy_policy.html">Privacy Policy</a> | <a href="mailto:cwe@mitre.org">Contact Us</a> | <a target="_blank" href="https://twitter.com/CweCapec"><img src="/images/x-logo-black.png" width="18" height="18" style="border:0;vertical-align:right;" alt="CWE X-Twitter" title="CWE X-Twitter"></a> <a target="_blank" href="https://mastodon.social/@CWE_Program"><img src="/images/mastodon-logo.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE Mastodon" title="CWE Mastodon"></a> <a target="_blank" href="https://www.linkedin.com/showcase/cve-cwe-capec"><img src="/images/linkedin_sm.jpg" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE on LinkedIn" title="CWE on LinkedIn"></a> <a target="_blank" href="https://www.youtube.com/channel/UCpY9VIpRmFK4ebD6orssifA"><img src="/images/youtube.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE YouTube channel" title="CWE YouTube Channel"></a> <a href="/news/podcast.html"><img src="/images/out_of_bounds_read_logo.png" width="22" height="22" style="border:0;vertical-align:right;" alt="CWE Out-of-Bounds-Read Podcast" title="CWE Out-of-Bounds-Read Podcast"></a> <a target="_blank" href="https://medium.com/@CWE_CAPEC"><img src="/images/medium.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE Blog on Medium blog" title="CWE Blog on Medium"></a> </div> <p>Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the <a href="/about/termsofuse.html">Terms of Use</a>. CWE is sponsored by the <a target="_blank" rel="noopener noreferrer" href="https://www.dhs.gov/">U.S. Department of Homeland Security</a> (DHS) <a target="_blank" rel="noopener noreferrer" href="https://www.dhs.gov/cisa/cybersecurity-division">Cybersecurity and Infrastructure Security Agency</a> (CISA) and managed by the <a href="https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer">Homeland Security Systems Engineering and Development Institute</a> (HSSEDI) which is operated by <a target="_blank" rel="noopener noreferrer" href="http://www.mitre.org/">The MITRE Corporation</a> (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.</p> </td> <td valign="middle" nowrap="nowrap"> <div id="footerlinks" class="footlogo"> <a href="https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer"><img src="/images/hssedi.png" height="36" border="0" alt="HSSEDI" title="HSSEDI"/></a> </div> </td> </tr> </table> </div> </div>  <script async src="https://www.googletagmanager.com/gtag/js?id=G-TCLW30GNGV"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-TCLW30GNGV'); </script> </body> </html>