CWE - CWE-1154: Weaknesses Addressed by the SEI CERT C Coding Standard (4.16)
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" encoding="iso-8859-1"> <head> <base href="https://cwe.mitre.org/data/definitions/1154.html"> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="description" content="Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses."> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <link rel="shortcut icon" href="/favicon.ico"> <link href="/css/main.css?version=4.16.111924" rel="stylesheet" type="text/css"> <link href="/css/custom.css" rel="stylesheet" type="text/css"> <script src="/includes/custom_filter.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/browserheight.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/jquery.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/cwe_minimizer.js?version=4.12.062923" language="JavaScript" type="text/javascript"></script> <script src="/includes/cookie.js?version=4.12.062923" language="Javascript" type="text/javascript"></script> <script src="/includes/includeglossarydef.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/custom.js" language="JavaScript" type="text/javascript"></script> <link href="/css/print.css?version=1.11" rel="stylesheet" media="print" type="text/css"> <link href="/css/mappingonly.css" rel="stylesheet" type="text/css"> <noscript> <style type="text/css"> #script { visibility:collapse; visibility:hidden; font-size:0px; height:0px; width:0px } #noscript { visibility:visible; font-size:inherit; height:inherit; width:inherit} </style> </noscript> <title>CWE - CWE-1154: Weaknesses Addressed by the SEI CERT C Coding Standard (4.16) </title> </head> <body onload="onloadCookie()"> <a name="top" id="top"></a>
<table width="100%" border="0" cellspacing="0" cellpadding="0" id="MainPane"> <tbody> <tr><!-- begin left side menu --> <td valign="top" rowspan="2" id="LeftPane"> <script type="text/javascript">browserheight();</script></td><!-- end left side menu --> <td style="height:1px"></td><!-- begin right column --> <td valign="top" align="center" rowspan="2" nowrap id="RightPane"></td><!-- end right side menu --> </tr> <tr><!-- begin content pane --> <td valign="top" width="100%" id="Contentpane"> <script src="/includes/nav.js" language="JavaScript" type="text/javascript"></script> <noscript> <style>div.collapseblock { display:inline} </style> </noscript><!-- Start main content --> <!-- Copyright (c) 2006-2024, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. 
--> <a xmlns:xhtml="http://www.w3.org/1999/xhtml" name="1154"></a> <div style="overflow:auto;"> <h2 style="display:inline; margin:0px 0px 2px 0px; vertical-align: text-bottom">CWE VIEW: Weaknesses Addressed by the SEI CERT C Coding Standard</h2> <div style="text-align:right; margin:5px 0px 0px 5px; padding-bottom:1px; white-space:nowrap;"></div> </div> <div xmlns:xhtml="http://www.w3.org/1999/xhtml" id="CWEDefinition" class="View"> <div class="title"> <div class="status"> <table cellpadding="0" cellspacing="0" border="0" width="100%"> <tbody> <tr> <td valign="top" align="left" width="33%" nowrap> <div style="font-weight:bold"> View ID: 1154 </div><span> <span style="font-weight:bold"> <a href="https://cwe-mitre-org.translate.goog/data/definitions/1154.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#Vulnerability_Mapping_Notes_1154">Vulnerability Mapping</a>:<span class="tool"> <span style="color:#FF0000">PROHIBITED</span> <span class="tip">This CWE ID must not be used to map to real-world vulnerabilities</span> </span> </span> <br> Type: <span style="font-weight:normal">Graph</span> </span></td> </tr> </tbody> </table> </div> </div> <div style="text-align:right; font-size:80%;padding-top:3px; padding-bottom:3px;padding-right:10px;" nowrap class="download"> Downloads: <a href="https://cwe-mitre-org.translate.goog/data/slices/1154.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="Booklet.html: A webpage containing the rendered HTML representation of the desired CWE ID, and all dependent Weaknesses, Views, or Categories.">Booklet</a> | <a href="https://cwe-mitre-org.translate.goog/data/csv/1154.csv.zip?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="CSV.zip: A compressed CSV file containing the fields of the desired Weaknesses related to this View.">CSV</a> | <a href="https://cwe-mitre-org.translate.goog/data/xml/views/1154.xml.zip?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" title="XML.zip: A compressed XML file containing the desired CWE ID, dependent Weaknesses, Views, 
Categories, and all required External References.">XML</a> </div> <div id="Objective"> <div class="heading" id="Objective_1154"> <span><a href="javascript:toggleblocksOC('1154_Objective');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_Objective" src="/images/head_more.gif" border="0" alt="+"></a> </span>Objective </div> <div name="oc_1154_Objective" id="oc_1154_Objective" class="expandblock"> <div class="detail"> <div class="indent"> CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects the current rules and recommendations of the SEI CERT C Coding Standard. </div> </div> </div> </div> <div id="Audience"> <div class="heading" id="Audience_1154"> <span><a href="javascript:toggleblocksOC('1154_Audience');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_Audience" src="/images/head_more.gif" border="0" alt="+"></a> </span>Audience </div> <div name="oc_1154_Audience" id="oc_1154_Audience" class="expandblock"> <div class="tabledetail"> <div class="indent"> <div style="margin-top: 10px"> <table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <tbody> <tr> <th class="title" valign="middle" nowrap width="135px">Stakeholder</th> <th class="title" valign="middle">Description</th> </tr> <tr> <td valign="middle" nowrap>Software Developers</td> <td valign="middle" width="100%">By following the SEI CERT C Coding Standard, developers will be able to fully or partially prevent the weaknesses that are identified in this view. 
In addition, developers can use a CWE coverage graph to determine which weaknesses are not directly addressed by the standard, which will help identify and resolve remaining gaps in training, tool acquisition, or other approaches for reducing weaknesses.</td> </tr> <tr> <td valign="middle" nowrap>Product Customers</td> <td valign="middle" width="100%">If a software developer claims to be following the SEI CERT C Coding Standard, then customers can search for the weaknesses in this view in order to formulate independent evidence of that claim.</td> </tr> <tr> <td valign="middle" nowrap>Educators</td> <td valign="middle" width="100%">Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could link them to the relevant Secure Coding Standard.</td> </tr> </tbody> </table> </div> </div> </div> </div> </div> <div id="Relationships"> <div class="heading" id="Relationships_1154"><span> <a href="javascript:toggleblocksOC('1154_Relationships');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"> <img id="ocimg_1154_Relationships" src="/images/head_more.gif" border="0" alt="+"></a> </span>Relationships </div> <div name="oc_1154_Relationships" id="oc_1154_Relationships" class="expandblock"> <div class="tabledetail"> <div class="indent"> <div style="width:98%"> <style xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> #included { display:block; } </style> <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" src="/includes/includedefinition.js" language="JavaScript" type="text/javascript"></script> <noscript xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <style> div.collapseblock { display:inline } </style> </noscript> <div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="script"> <div style="margin-top:5px;"> The following graph shows the tree-like relationships between weaknesses that exist at different levels of abstraction. At the highest level, categories and pillars exist to group weaknesses. 
Categories (which are not technically weaknesses) are special CWE entries used to group weaknesses that share a common characteristic. Pillars are weaknesses that are described in the most abstract fashion. Below these top-level entries are weaknesses at varying levels of abstraction. Classes are still very abstract, typically independent of any specific language or technology. Base level weaknesses are used to present a more specific type of weakness. A variant is a weakness that is described at a very low level of detail, typically limited to a specific language or technology. A chain is a set of weaknesses that must be reachable consecutively in order to produce an exploitable vulnerability. A composite is a set of weaknesses that must all be present simultaneously in order to produce an exploitable vulnerability. </div> <div style="text-align:right; display:inline"> <div style="font-size:75%; color:#000066; font-style:italic;" id="SkinSelector"> Show Details: <input type="checkbox" onclick="skinSelector();" value="show_details"> </div> </div> <div id="PageContents"> <a href="javascript:toggleAll('expand');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Expand All</a> | <a href="javascript:toggleAll('collapse');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Collapse All</a> </div> </div> <div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <b>1154 - Weaknesses Addressed by the SEI CERT C Coding Standard</b> <div class="group" id="11541155"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541155" href="https://cwe-mitre-org.translate.goog/data/definitions/1155.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" 
rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE) <span class="cweid Primary"> - (1155)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1155</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE))</span> </div> <div id="summary_11541155" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Preprocessor (PRE) section of the SEI CERT C Coding Standard. </div> </div> <div class="group" id="11541156"><span> <a href="javascript:toggleblocks('11541156');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"> <img id="img_11541156" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541156" href="https://cwe-mitre-org.translate.goog/data/definitions/1156.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL) <span class="cweid Primary"> - (1156)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1156</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 02. 
Declarations and Initialization (DCL))</span> </div> <div id="summary_11541156" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) section of the SEI CERT C Coding Standard. </div> <div name="block_11541156" id="block_11541156" class="collapseblock"> <div class="group" id="11541156562"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541156562" href="https://cwe-mitre-org.translate.goog/data/definitions/562.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Return of Stack Variable Address <span class="cweid Primary"> - (562)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1156</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL))</span> > <span class="thisId">562</span> <span class="thisName">(Return of Stack Variable Address)</span> </div> <div id="summary_11541156562" class="defsummary"> A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash. 
</div> </div> </div> </div> <div class="group" id="11541157"><span> <a href="javascript:toggleblocks('11541157');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"> <img id="img_11541157" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541157" href="https://cwe-mitre-org.translate.goog/data/definitions/1157.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) <span class="cweid Primary"> - (1157)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> </div> <div id="summary_11541157" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT C Coding Standard. </div> <div name="block_11541157" id="block_11541157" class="collapseblock"> <div class="group" id="11541157758"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157758" href="https://cwe-mitre-org.translate.goog/data/definitions/758.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Reliance on Undefined, Unspecified, or Implementation-Defined Behavior <span class="cweid Primary"> - (758)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">758</span> <span class="thisName">(Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)</span> </div> <div id="summary_11541157758" class="defsummary"> The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. </div> </div> <div class="group" id="11541157908"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157908" href="https://cwe-mitre-org.translate.goog/data/definitions/908.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Uninitialized Resource <span class="cweid Primary"> - (908)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">908</span> <span class="thisName">(Use of Uninitialized Resource)</span> </div> <div id="summary_11541157908" class="defsummary"> The product uses or accesses a resource that has not been initialized. </div> </div> <div class="group" id="11541157476"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157476" href="https://cwe-mitre-org.translate.goog/data/definitions/476.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> NULL Pointer Dereference <span class="cweid Primary"> - (476)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">476</span> <span class="thisName">(NULL Pointer Dereference)</span> </div> <div id="summary_11541157476" class="defsummary"> The product dereferences a pointer that it expects to be valid but is NULL. <span class="alt_terms"> <span>NPD</span> <span>null deref</span> <span>NPE</span> <span>nil pointer dereference</span> </span> </div> </div> <div class="group" id="11541157690"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/chain.gif" alt="Chain" class="icon"> <span class="tip">Chain - a Compound Element that is a sequence of two or more separate weaknesses that can be closely linked together within software. One weakness, X, can directly create the conditions that are necessary to cause another weakness, Y, to enter a vulnerable condition. When this happens, CWE refers to X as "primary" to Y, and Y is "resultant" from X. 
Chains can involve more than two weaknesses, and in some cases, they might have a tree-like structure.</span> </span> </span> <span class="Primary"> <a name="11541157690" href="https://cwe-mitre-org.translate.goog/data/definitions/690.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Unchecked Return Value to NULL Pointer Dereference <span class="cweid Primary"> - (690)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">690</span> <span class="thisName">(Unchecked Return Value to NULL Pointer Dereference)</span> </div> <div id="summary_11541157690" class="defsummary"> The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. </div> </div> <div class="group" id="11541157628"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157628" href="https://cwe-mitre-org.translate.goog/data/definitions/628.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Function Call with Incorrectly Specified Arguments <span class="cweid Primary"> - (628)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">628</span> <span class="thisName">(Function Call with Incorrectly Specified Arguments)</span> </div> <div id="summary_11541157628" class="defsummary"> The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses. </div> </div> <div class="group" id="11541157685"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157685" href="https://cwe-mitre-org.translate.goog/data/definitions/685.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Function Call With Incorrect Number of Arguments <span class="cweid Primary"> - (685)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">685</span> <span class="thisName">(Function Call With Incorrect Number of Arguments)</span> </div> <div id="summary_11541157685" class="defsummary"> The product calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resultant weaknesses. </div> </div> <div class="group" id="11541157686"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157686" href="https://cwe-mitre-org.translate.goog/data/definitions/686.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Function Call With Incorrect Argument Type <span class="cweid Primary"> - (686)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">686</span> <span class="thisName">(Function Call With Incorrect Argument Type)</span> </div> <div id="summary_11541157686" class="defsummary"> The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. </div> </div> <div class="group" id="11541157843"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157843" href="https://cwe-mitre-org.translate.goog/data/definitions/843.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Access of Resource Using Incompatible Type ('Type Confusion') <span class="cweid Primary"> - (843)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">843</span> <span class="thisName">(Access of Resource Using Incompatible Type ('Type Confusion'))</span> </div> <div id="summary_11541157843" class="defsummary"> The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. <span class="alt_terms"> <span>Object Type Confusion</span> </span> </div> </div> <div class="group" id="11541157704"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157704" href="https://cwe-mitre-org.translate.goog/data/definitions/704.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Type Conversion or Cast <span class="cweid Primary"> - (704)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">704</span> <span class="thisName">(Incorrect Type Conversion or Cast)</span> </div> <div id="summary_11541157704" class="defsummary"> The product does not correctly convert an object, resource, or structure from one type to a different type. </div> </div> <div class="group" id="11541157119"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157119" href="https://cwe-mitre-org.translate.goog/data/definitions/119.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Restriction of Operations within the Bounds of a Memory Buffer <span class="cweid Primary"> - (119)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">119</span> <span class="thisName">(Improper Restriction of Operations within the Bounds of a Memory Buffer)</span> </div> <div id="summary_11541157119" class="defsummary"> The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. <span class="alt_terms"> <span>Buffer Overflow</span> <span>buffer overrun</span> <span>memory safety</span> </span> </div> </div> <div class="group" id="11541157125"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157125" href="https://cwe-mitre-org.translate.goog/data/definitions/125.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Out-of-bounds Read <span class="cweid Primary"> - (125)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">125</span> <span class="thisName">(Out-of-bounds Read)</span> </div> <div id="summary_11541157125" class="defsummary"> The product reads data past the end, or before the beginning, of the intended buffer. <span class="alt_terms"> <span>OOB read</span> </span> </div> </div> <div class="group" id="11541157480"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157480" href="https://cwe-mitre-org.translate.goog/data/definitions/480.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Incorrect Operator <span class="cweid Primary"> - (480)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">480</span> <span class="thisName">(Use of Incorrect Operator)</span> </div> <div id="summary_11541157480" class="defsummary"> The product accidentally uses the wrong operator, which changes the logic in security-relevant ways. </div> </div> <div class="group" id="11541157481"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541157481" href="https://cwe-mitre-org.translate.goog/data/definitions/481.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Assigning instead of Comparing <span class="cweid Primary"> - (481)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1157</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP))</span> > <span class="thisId">481</span> <span class="thisName">(Assigning instead of Comparing)</span> </div> <div id="summary_11541157481" class="defsummary"> The code uses an operator for assignment when the intention was to perform a comparison. </div> </div> </div> </div> <div class="group" id="11541158"><span> <a href="javascript:toggleblocks('11541158');"> <img id="img_11541158" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541158" href="https://cwe-mitre-org.translate.goog/data/definitions/1158.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 04. 
Integers (INT) <span class="cweid Primary"> - (1158)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> </div> <div id="summary_11541158" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Integers (INT) section of the SEI CERT C Coding Standard. </div> <div name="block_11541158" id="block_11541158" class="collapseblock"> <div class="group" id="11541158190"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158190" href="https://cwe-mitre-org.translate.goog/data/definitions/190.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Integer Overflow or Wraparound <span class="cweid Primary"> - (190)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. 
Integers (INT))</span> > <span class="thisId">190</span> <span class="thisName">(Integer Overflow or Wraparound)</span> </div> <div id="summary_11541158190" class="defsummary"> The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. <span class="alt_terms"> <span>Overflow</span> <span>Wraparound</span> <span>wrap, wrap-around, wrap around</span> </span> </div> </div> <div class="group" id="11541158131"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158131" href="https://cwe-mitre-org.translate.goog/data/definitions/131.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Calculation of Buffer Size <span class="cweid Primary"> - (131)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. 
Integers (INT))</span> > <span class="thisId">131</span> <span class="thisName">(Incorrect Calculation of Buffer Size)</span> </div> <div id="summary_11541158131" class="defsummary"> The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. </div> </div> <div class="group" id="11541158191"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158191" href="https://cwe-mitre-org.translate.goog/data/definitions/191.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Integer Underflow (Wrap or Wraparound) <span class="cweid Primary"> - (191)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">191</span> <span class="thisName">(Integer Underflow (Wrap or Wraparound))</span> </div> <div id="summary_11541158191" class="defsummary"> The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. 
<span class="alt_terms"> <span>Integer underflow</span> </span> </div> </div> <div class="group" id="11541158680"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/chain.gif" alt="Chain" class="icon"> <span class="tip">Chain - a Compound Element that is a sequence of two or more separate weaknesses that can be closely linked together within software. One weakness, X, can directly create the conditions that are necessary to cause another weakness, Y, to enter a vulnerable condition. When this happens, CWE refers to X as "primary" to Y, and Y is "resultant" from X. Chains can involve more than two weaknesses, and in some cases, they might have a tree-like structure.</span> </span> </span> <span class="Primary"> <a name="11541158680" href="https://cwe-mitre-org.translate.goog/data/definitions/680.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Integer Overflow to Buffer Overflow <span class="cweid Primary"> - (680)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">680</span> <span class="thisName">(Integer Overflow to Buffer Overflow)</span> </div> <div id="summary_11541158680" class="defsummary"> The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. 
</div> </div> <div class="group" id="11541158192"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158192" href="https://cwe-mitre-org.translate.goog/data/definitions/192.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Integer Coercion Error <span class="cweid Primary"> - (192)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">192</span> <span class="thisName">(Integer Coercion Error)</span> </div> <div id="summary_11541158192" class="defsummary"> Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. </div> </div> <div class="group" id="11541158197"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158197" href="https://cwe-mitre-org.translate.goog/data/definitions/197.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Numeric Truncation Error <span class="cweid Primary"> - (197)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">197</span> <span class="thisName">(Numeric Truncation Error)</span> </div> <div id="summary_11541158197" class="defsummary"> Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. </div> </div> <div class="group" id="11541158681"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158681" href="https://cwe-mitre-org.translate.goog/data/definitions/681.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Conversion between Numeric Types <span class="cweid Primary"> - (681)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">681</span> <span class="thisName">(Incorrect Conversion between Numeric Types)</span> </div> <div id="summary_11541158681" class="defsummary"> When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. </div> </div> <div class="group" id="11541158704"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158704" href="https://cwe-mitre-org.translate.goog/data/definitions/704.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Type Conversion or Cast <span class="cweid Primary"> - (704)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">704</span> <span class="thisName">(Incorrect Type Conversion or Cast)</span> </div> <div id="summary_11541158704" class="defsummary"> The product does not correctly convert an object, resource, or structure from one type to a different type. </div> </div> <div class="group" id="11541158194"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158194" href="https://cwe-mitre-org.translate.goog/data/definitions/194.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Unexpected Sign Extension <span class="cweid Primary"> - (194)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">194</span> <span class="thisName">(Unexpected Sign Extension)</span> </div> <div id="summary_11541158194" class="defsummary"> The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses. </div> </div> <div class="group" id="11541158195"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158195" href="https://cwe-mitre-org.translate.goog/data/definitions/195.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Signed to Unsigned Conversion Error <span class="cweid Primary"> - (195)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">195</span> <span class="thisName">(Signed to Unsigned Conversion Error)</span> </div> <div id="summary_11541158195" class="defsummary"> The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive. </div> </div> <div class="group" id="11541158369"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158369" href="https://cwe-mitre-org.translate.goog/data/definitions/369.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Divide By Zero <span class="cweid Primary"> - (369)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">369</span> <span class="thisName">(Divide By Zero)</span> </div> <div id="summary_11541158369" class="defsummary"> The product divides a value by zero. </div> </div> <div class="group" id="11541158682"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/pillar.gif" alt="Pillar" class="icon"> <span class="tip">Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. 
A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.</span> </span> </span> <span class="Primary"> <a name="11541158682" href="https://cwe-mitre-org.translate.goog/data/definitions/682.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Calculation <span class="cweid Primary"> - (682)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">682</span> <span class="thisName">(Incorrect Calculation)</span> </div> <div id="summary_11541158682" class="defsummary"> The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. </div> </div> <div class="group" id="11541158758"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158758" href="https://cwe-mitre-org.translate.goog/data/definitions/758.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Reliance on Undefined, Unspecified, or Implementation-Defined Behavior <span class="cweid Primary"> - (758)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">758</span> <span class="thisName">(Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)</span> </div> <div id="summary_11541158758" class="defsummary"> The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. </div> </div> <div class="group" id="11541158587"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541158587" href="https://cwe-mitre-org.translate.goog/data/definitions/587.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Assignment of a Fixed Address to a Pointer <span class="cweid Primary"> - (587)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1158</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 04. Integers (INT))</span> > <span class="thisId">587</span> <span class="thisName">(Assignment of a Fixed Address to a Pointer)</span> </div> <div id="summary_11541158587" class="defsummary"> The product sets a pointer to a specific address other than NULL or 0. </div> </div> </div> </div> <div class="group" id="11541159"><span> <a href="javascript:toggleblocks('11541159');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"> <img id="img_11541159" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541159" href="https://cwe-mitre-org.translate.goog/data/definitions/1159.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 05. 
Floating Point (FLP) <span class="cweid Primary"> - (1159)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1159</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP))</span> </div> <div id="summary_11541159" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Floating Point (FLP) section of the SEI CERT C Coding Standard. </div> <div name="block_11541159" id="block_11541159" class="collapseblock"> <div class="group" id="11541159682"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/pillar.gif" alt="Pillar" class="icon"> <span class="tip">Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.</span> </span> </span> <span class="Primary"> <a name="11541159682" href="https://cwe-mitre-org.translate.goog/data/definitions/682.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Calculation <span class="cweid Primary"> - (682)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1159</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 05. 
Floating Point (FLP))</span> > <span class="thisId">682</span> <span class="thisName">(Incorrect Calculation)</span> </div> <div id="summary_11541159682" class="defsummary"> The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. </div> </div> <div class="group" id="11541159391"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541159391" href="https://cwe-mitre-org.translate.goog/data/definitions/391.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Unchecked Error Condition <span class="cweid Primary"> - (391)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1159</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP))</span> > <span class="thisId">391</span> <span class="thisName">(Unchecked Error Condition)</span> </div> <div id="summary_11541159391" class="defsummary"> [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. 
</div> </div> <div class="group" id="11541159681"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541159681" href="https://cwe-mitre-org.translate.goog/data/definitions/681.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Conversion between Numeric Types <span class="cweid Primary"> - (681)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1159</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP))</span> > <span class="thisId">681</span> <span class="thisName">(Incorrect Conversion between Numeric Types)</span> </div> <div id="summary_11541159681" class="defsummary"> When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. 
</div> </div> <div class="group" id="11541159197"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541159197" href="https://cwe-mitre-org.translate.goog/data/definitions/197.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Numeric Truncation Error <span class="cweid Primary"> - (197)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1159</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP))</span> > <span class="thisId">197</span> <span class="thisName">(Numeric Truncation Error)</span> </div> <div id="summary_11541159197" class="defsummary"> Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. 
</div> </div> </div> </div> <div class="group" id="11541160"><span> <a href="javascript:toggleblocks('11541160');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"> <img id="img_11541160" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541160" href="https://cwe-mitre-org.translate.goog/data/definitions/1160.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR) <span class="cweid Primary"> - (1160)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> </div> <div id="summary_11541160" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) section of the SEI CERT C Coding Standard. </div> <div name="block_11541160" id="block_11541160" class="collapseblock"> <div class="group" id="11541160119"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160119" href="https://cwe-mitre-org.translate.goog/data/definitions/119.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Restriction of Operations within the Bounds of a Memory Buffer <span class="cweid Primary"> - (119)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">119</span> <span class="thisName">(Improper Restriction of Operations within the Bounds of a Memory Buffer)</span> </div> <div id="summary_11541160119" class="defsummary"> The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. <span class="alt_terms"> <span>Buffer Overflow</span> <span>buffer overrun</span> <span>memory safety</span> </span> </div> </div> <div class="group" id="11541160129"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160129" href="https://cwe-mitre-org.translate.goog/data/definitions/129.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Validation of Array Index <span class="cweid Primary"> - (129)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">129</span> <span class="thisName">(Improper Validation of Array Index)</span> </div> <div id="summary_11541160129" class="defsummary"> The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. <span class="alt_terms"> <span>out-of-bounds array index</span> <span>index-out-of-range</span> <span>array index underflow</span> </span> </div> </div> <div class="group" id="11541160786"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160786" href="https://cwe-mitre-org.translate.goog/data/definitions/786.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Access of Memory Location Before Start of Buffer <span class="cweid Primary"> - (786)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">786</span> <span class="thisName">(Access of Memory Location Before Start of Buffer)</span> </div> <div id="summary_11541160786" class="defsummary"> The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. </div> </div> <div class="group" id="11541160123"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160123" href="https://cwe-mitre-org.translate.goog/data/definitions/123.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Write-what-where Condition <span class="cweid Primary"> - (123)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">123</span> <span class="thisName">(Write-what-where Condition)</span> </div> <div id="summary_11541160123" class="defsummary"> Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. </div> </div> <div class="group" id="11541160125"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160125" href="https://cwe-mitre-org.translate.goog/data/definitions/125.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Out-of-bounds Read <span class="cweid Primary"> - (125)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">125</span> <span class="thisName">(Out-of-bounds Read)</span> </div> <div id="summary_11541160125" class="defsummary"> The product reads data past the end, or before the beginning, of the intended buffer. <span class="alt_terms"> <span>OOB read</span> </span> </div> </div> <div class="group" id="11541160758"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160758" href="https://cwe-mitre-org.translate.goog/data/definitions/758.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Reliance on Undefined, Unspecified, or Implementation-Defined Behavior <span class="cweid Primary"> - (758)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">758</span> <span class="thisName">(Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)</span> </div> <div id="summary_11541160758" class="defsummary"> The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. </div> </div> <div class="group" id="11541160469"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160469" href="https://cwe-mitre-org.translate.goog/data/definitions/469.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Pointer Subtraction to Determine Size <span class="cweid Primary"> - (469)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">469</span> <span class="thisName">(Use of Pointer Subtraction to Determine Size)</span> </div> <div id="summary_11541160469" class="defsummary"> The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk. </div> </div> <div class="group" id="11541160121"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160121" href="https://cwe-mitre-org.translate.goog/data/definitions/121.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Stack-based Buffer Overflow <span class="cweid Primary"> - (121)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">121</span> <span class="thisName">(Stack-based Buffer Overflow)</span> </div> <div id="summary_11541160121" class="defsummary"> A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). <span class="alt_terms"> <span>Stack Overflow</span> </span> </div> </div> <div class="group" id="11541160805"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160805" href="https://cwe-mitre-org.translate.goog/data/definitions/805.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Buffer Access with Incorrect Length Value <span class="cweid Primary"> - (805)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">805</span> <span class="thisName">(Buffer Access with Incorrect Length Value)</span> </div> <div id="summary_11541160805" class="defsummary"> The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. </div> </div> <div class="group" id="11541160468"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541160468" href="https://cwe-mitre-org.translate.goog/data/definitions/468.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Pointer Scaling <span class="cweid Primary"> - (468)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1160</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR))</span> > <span class="thisId">468</span> <span class="thisName">(Incorrect Pointer Scaling)</span> </div> <div id="summary_11541160468" class="defsummary"> In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. </div> </div> </div> </div> <div class="group" id="11541161"><span> <a href="javascript:toggleblocks('11541161');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"> <img id="img_11541161" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541161" href="https://cwe-mitre-org.translate.goog/data/definitions/1161.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 07. 
Characters and Strings (STR) <span class="cweid Primary"> - (1161)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR))</span> </div> <div id="summary_11541161" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) section of the SEI CERT C Coding Standard. </div> <div name="block_11541161" id="block_11541161" class="collapseblock"> <div class="group" id="11541161120"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161120" href="https://cwe-mitre-org.translate.goog/data/definitions/120.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') <span class="cweid Primary"> - (120)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. 
Characters and Strings (STR))</span> > <span class="thisId">120</span> <span class="thisName">(Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))</span> </div> <div id="summary_11541161120" class="defsummary"> The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. <span class="alt_terms"> <span>Classic Buffer Overflow</span> <span>Unbounded Transfer</span> </span> </div> </div> <div class="group" id="11541161119"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161119" href="https://cwe-mitre-org.translate.goog/data/definitions/119.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Restriction of Operations within the Bounds of a Memory Buffer <span class="cweid Primary"> - (119)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. 
Characters and Strings (STR))</span> > <span class="thisId">119</span> <span class="thisName">(Improper Restriction of Operations within the Bounds of a Memory Buffer)</span> </div> <div id="summary_11541161119" class="defsummary"> The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. <span class="alt_terms"> <span>Buffer Overflow</span> <span>buffer overrun</span> <span>memory safety</span> </span> </div> </div> <div class="group" id="11541161121"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161121" href="https://cwe-mitre-org.translate.goog/data/definitions/121.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Stack-based Buffer Overflow <span class="cweid Primary"> - (121)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. 
Characters and Strings (STR))</span> > <span class="thisId">121</span> <span class="thisName">(Stack-based Buffer Overflow)</span> </div> <div id="summary_11541161121" class="defsummary"> A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). <span class="alt_terms"> <span>Stack Overflow</span> </span> </div> </div> <div class="group" id="11541161122"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161122" href="https://cwe-mitre-org.translate.goog/data/definitions/122.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Heap-based Buffer Overflow <span class="cweid Primary"> - (122)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. 
Characters and Strings (STR))</span> > <span class="thisId">122</span> <span class="thisName">(Heap-based Buffer Overflow)</span> </div> <div id="summary_11541161122" class="defsummary"> A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). </div> </div> <div class="group" id="11541161123"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161123" href="https://cwe-mitre-org.translate.goog/data/definitions/123.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Write-what-where Condition <span class="cweid Primary"> - (123)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR))</span> > <span class="thisId">123</span> <span class="thisName">(Write-what-where Condition)</span> </div> <div id="summary_11541161123" class="defsummary"> Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. 
</div> </div> <div class="group" id="11541161125"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161125" href="https://cwe-mitre-org.translate.goog/data/definitions/125.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Out-of-bounds Read <span class="cweid Primary"> - (125)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR))</span> > <span class="thisId">125</span> <span class="thisName">(Out-of-bounds Read)</span> </div> <div id="summary_11541161125" class="defsummary"> The product reads data past the end, or before the beginning, of the intended buffer. <span class="alt_terms"> <span>OOB read</span> </span> </div> </div> <div class="group" id="11541161676"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161676" href="https://cwe-mitre-org.translate.goog/data/definitions/676.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Potentially Dangerous Function <span class="cweid Primary"> - (676)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR))</span> > <span class="thisId">676</span> <span class="thisName">(Use of Potentially Dangerous Function)</span> </div> <div id="summary_11541161676" class="defsummary"> The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. </div> </div> <div class="group" id="11541161170"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161170" href="https://cwe-mitre-org.translate.goog/data/definitions/170.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Null Termination <span class="cweid Primary"> - (170)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR))</span> > <span class="thisId">170</span> <span class="thisName">(Improper Null Termination)</span> </div> <div id="summary_11541161170" class="defsummary"> The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. </div> </div> <div class="group" id="11541161704"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541161704" href="https://cwe-mitre-org.translate.goog/data/definitions/704.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Type Conversion or Cast <span class="cweid Primary"> - (704)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1161</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR))</span> > <span class="thisId">704</span> <span class="thisName">(Incorrect Type Conversion or Cast)</span> </div> <div id="summary_11541161704" class="defsummary"> The product does not correctly convert an object, resource, or structure from one type to a different type. </div> </div> </div> </div> <div class="group" id="11541162"><span> <a href="javascript:toggleblocks('11541162');"> <img id="img_11541162" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541162" href="https://cwe-mitre-org.translate.goog/data/definitions/1162.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 08. 
Memory Management (MEM) <span class="cweid Primary"> - (1162)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> </div> <div id="summary_11541162" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Memory Management (MEM) section of the SEI CERT C Coding Standard. </div> <div name="block_11541162" id="block_11541162" class="collapseblock"> <div class="group" id="11541162416"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162416" href="https://cwe-mitre-org.translate.goog/data/definitions/416.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use After Free <span class="cweid Primary"> - (416)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. 
Memory Management (MEM))</span> > <span class="thisId">416</span> <span class="thisName">(Use After Free)</span> </div> <div id="summary_11541162416" class="defsummary"> The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. <span class="alt_terms"> <span>Dangling pointer</span> <span>UAF</span> <span>Use-After-Free</span> </span> </div> </div> <div class="group" id="11541162672"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162672" href="https://cwe-mitre-org.translate.goog/data/definitions/672.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Operation on a Resource after Expiration or Release <span class="cweid Primary"> - (672)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. 
Memory Management (MEM))</span> > <span class="thisId">672</span> <span class="thisName">(Operation on a Resource after Expiration or Release)</span> </div> <div id="summary_11541162672" class="defsummary"> The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. </div> </div> <div class="group" id="11541162758"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162758" href="https://cwe-mitre-org.translate.goog/data/definitions/758.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Reliance on Undefined, Unspecified, or Implementation-Defined Behavior <span class="cweid Primary"> - (758)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">758</span> <span class="thisName">(Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)</span> </div> <div id="summary_11541162758" class="defsummary"> The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. 
</div> </div> <div class="group" id="11541162666"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162666" href="https://cwe-mitre-org.translate.goog/data/definitions/666.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Operation on Resource in Wrong Phase of Lifetime <span class="cweid Primary"> - (666)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">666</span> <span class="thisName">(Operation on Resource in Wrong Phase of Lifetime)</span> </div> <div id="summary_11541162666" class="defsummary"> The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors. </div> </div> <div class="group" id="11541162415"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. 
More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162415" href="https://cwe-mitre-org.translate.goog/data/definitions/415.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Double Free <span class="cweid Primary"> - (415)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">415</span> <span class="thisName">(Double Free)</span> </div> <div id="summary_11541162415" class="defsummary"> The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. <span class="alt_terms"> <span>Double-free</span> </span> </div> </div> <div class="group" id="11541162401"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162401" href="https://cwe-mitre-org.translate.goog/data/definitions/401.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Missing Release of Memory after Effective Lifetime <span class="cweid Primary"> - (401)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">401</span> <span class="thisName">(Missing Release of Memory after Effective Lifetime)</span> </div> <div id="summary_11541162401" class="defsummary"> The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. <span class="alt_terms"> <span>Memory Leak</span> </span> </div> </div> <div class="group" id="11541162404"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162404" href="https://cwe-mitre-org.translate.goog/data/definitions/404.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Resource Shutdown or Release <span class="cweid Primary"> - (404)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">404</span> <span class="thisName">(Improper Resource Shutdown or Release)</span> </div> <div id="summary_11541162404" class="defsummary"> The product does not release or incorrectly releases a resource before it is made available for re-use. </div> </div> <div class="group" id="11541162459"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162459" href="https://cwe-mitre-org.translate.goog/data/definitions/459.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incomplete Cleanup <span class="cweid Primary"> - (459)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">459</span> <span class="thisName">(Incomplete Cleanup)</span> </div> <div id="summary_11541162459" class="defsummary"> The product does not properly "clean up" and remove temporary or supporting resources after they have been used. <span class="alt_terms"> <span>Insufficient Cleanup</span> </span> </div> </div> <div class="group" id="11541162771"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162771" href="https://cwe-mitre-org.translate.goog/data/definitions/771.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Missing Reference to Active Allocated Resource <span class="cweid Primary"> - (771)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">771</span> <span class="thisName">(Missing Reference to Active Allocated Resource)</span> </div> <div id="summary_11541162771" class="defsummary"> The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. </div> </div> <div class="group" id="11541162772"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162772" href="https://cwe-mitre-org.translate.goog/data/definitions/772.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Missing Release of Resource after Effective Lifetime <span class="cweid Primary"> - (772)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">772</span> <span class="thisName">(Missing Release of Resource after Effective Lifetime)</span> </div> <div id="summary_11541162772" class="defsummary"> The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. </div> </div> <div class="group" id="11541162590"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162590" href="https://cwe-mitre-org.translate.goog/data/definitions/590.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Free of Memory not on the Heap <span class="cweid Primary"> - (590)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">590</span> <span class="thisName">(Free of Memory not on the Heap)</span> </div> <div id="summary_11541162590" class="defsummary"> The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc(). </div> </div> <div class="group" id="11541162131"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162131" href="https://cwe-mitre-org.translate.goog/data/definitions/131.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Calculation of Buffer Size <span class="cweid Primary"> - (131)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">131</span> <span class="thisName">(Incorrect Calculation of Buffer Size)</span> </div> <div id="summary_11541162131" class="defsummary"> The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. </div> </div> <div class="group" id="11541162680"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/chain.gif" alt="Chain" class="icon"> <span class="tip">Chain - a Compound Element that is a sequence of two or more separate weaknesses that can be closely linked together within software. One weakness, X, can directly create the conditions that are necessary to cause another weakness, Y, to enter a vulnerable condition. When this happens, CWE refers to X as "primary" to Y, and Y is "resultant" from X. 
Chains can involve more than two weaknesses, and in some cases, they might have a tree-like structure.</span> </span> </span> <span class="Primary"> <a name="11541162680" href="https://cwe-mitre-org.translate.goog/data/definitions/680.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Integer Overflow to Buffer Overflow <span class="cweid Primary"> - (680)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">680</span> <span class="thisName">(Integer Overflow to Buffer Overflow)</span> </div> <div id="summary_11541162680" class="defsummary"> The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. </div> </div> <div class="group" id="11541162467"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162467" href="https://cwe-mitre-org.translate.goog/data/definitions/467.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of sizeof() on a Pointer Type <span class="cweid Primary"> - (467)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">467</span> <span class="thisName">(Use of sizeof() on a Pointer Type)</span> </div> <div id="summary_11541162467" class="defsummary"> The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to. </div> </div> <div class="group" id="11541162789"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162789" href="https://cwe-mitre-org.translate.goog/data/definitions/789.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Memory Allocation with Excessive Size Value <span class="cweid Primary"> - (789)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">789</span> <span class="thisName">(Memory Allocation with Excessive Size Value)</span> </div> <div id="summary_11541162789" class="defsummary"> The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. <span class="alt_terms"> <span>Stack Exhaustion</span> </span> </div> </div> <div class="group" id="11541162190"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541162190" href="https://cwe-mitre-org.translate.goog/data/definitions/190.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Integer Overflow or Wraparound <span class="cweid Primary"> - (190)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1162</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM))</span> > <span class="thisId">190</span> <span class="thisName">(Integer Overflow or Wraparound)</span> </div> <div id="summary_11541162190" class="defsummary"> The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. 
<span class="alt_terms"> <span>Overflow</span> <span>Wraparound</span> <span>wrap, wrap-around, wrap around</span> </span> </div> </div> </div> </div> <div class="group" id="11541163"><span> <a href="javascript:toggleblocks('11541163');"> <img id="img_11541163" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541163" href="https://cwe-mitre-org.translate.goog/data/definitions/1163.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) <span class="cweid Primary"> - (1163)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> </div> <div id="summary_11541163" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) section of the SEI CERT C Coding Standard. 
</div> <div name="block_11541163" id="block_11541163" class="collapseblock"> <div class="group" id="11541163134"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163134" href="https://cwe-mitre-org.translate.goog/data/definitions/134.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Externally-Controlled Format String <span class="cweid Primary"> - (134)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">134</span> <span class="thisName">(Use of Externally-Controlled Format String)</span> </div> <div id="summary_11541163134" class="defsummary"> The product uses a function that accepts a format string as an argument, but the format string originates from an external source. 
</div> </div> <div class="group" id="1154116320"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="1154116320" href="https://cwe-mitre-org.translate.goog/data/definitions/20.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Input Validation <span class="cweid Primary"> - (20)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">20</span> <span class="thisName">(Improper Input Validation)</span> </div> <div id="summary_1154116320" class="defsummary"> The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. </div> </div> <div class="group" id="1154116367"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. 
More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="1154116367" href="https://cwe-mitre-org.translate.goog/data/definitions/67.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Handling of Windows Device Names <span class="cweid Primary"> - (67)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">67</span> <span class="thisName">(Improper Handling of Windows Device Names)</span> </div> <div id="summary_1154116367" class="defsummary"> The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file. </div> </div> <div class="group" id="11541163197"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163197" href="https://cwe-mitre-org.translate.goog/data/definitions/197.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Numeric Truncation Error <span class="cweid Primary"> - (197)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">197</span> <span class="thisName">(Numeric Truncation Error)</span> </div> <div id="summary_11541163197" class="defsummary"> Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. </div> </div> <div class="group" id="11541163241"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163241" href="https://cwe-mitre-org.translate.goog/data/definitions/241.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Handling of Unexpected Data Type <span class="cweid Primary"> - (241)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">241</span> <span class="thisName">(Improper Handling of Unexpected Data Type)</span> </div> <div id="summary_11541163241" class="defsummary"> The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z). </div> </div> <div class="group" id="11541163664"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/pillar.gif" alt="Pillar" class="icon"> <span class="tip">Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. 
A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.</span> </span> </span> <span class="Primary"> <a name="11541163664" href="https://cwe-mitre-org.translate.goog/data/definitions/664.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Control of a Resource Through its Lifetime <span class="cweid Primary"> - (664)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">664</span> <span class="thisName">(Improper Control of a Resource Through its Lifetime)</span> </div> <div id="summary_11541163664" class="defsummary"> The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. </div> </div> <div class="group" id="11541163404"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163404" href="https://cwe-mitre-org.translate.goog/data/definitions/404.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Resource Shutdown or Release <span class="cweid Primary"> - (404)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">404</span> <span class="thisName">(Improper Resource Shutdown or Release)</span> </div> <div id="summary_11541163404" class="defsummary"> The product does not release or incorrectly releases a resource before it is made available for re-use. </div> </div> <div class="group" id="11541163459"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163459" href="https://cwe-mitre-org.translate.goog/data/definitions/459.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incomplete Cleanup <span class="cweid Primary"> - (459)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">459</span> <span class="thisName">(Incomplete Cleanup)</span> </div> <div id="summary_11541163459" class="defsummary"> The product does not properly "clean up" and remove temporary or supporting resources after they have been used. <span class="alt_terms"> <span>Insufficient Cleanup</span> </span> </div> </div> <div class="group" id="11541163772"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163772" href="https://cwe-mitre-org.translate.goog/data/definitions/772.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Missing Release of Resource after Effective Lifetime <span class="cweid Primary"> - (772)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">772</span> <span class="thisName">(Missing Release of Resource after Effective Lifetime)</span> </div> <div id="summary_11541163772" class="defsummary"> The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. </div> </div> <div class="group" id="11541163773"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163773" href="https://cwe-mitre-org.translate.goog/data/definitions/773.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Missing Reference to Active File Descriptor or Handle <span class="cweid Primary"> - (773)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">773</span> <span class="thisName">(Missing Reference to Active File Descriptor or Handle)</span> </div> <div id="summary_11541163773" class="defsummary"> The product does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed. </div> </div> <div class="group" id="11541163775"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163775" href="https://cwe-mitre-org.translate.goog/data/definitions/775.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Missing Release of File Descriptor or Handle after Effective Lifetime <span class="cweid Primary"> - (775)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">775</span> <span class="thisName">(Missing Release of File Descriptor or Handle after Effective Lifetime)</span> </div> <div id="summary_11541163775" class="defsummary"> The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed. </div> </div> <div class="group" id="11541163771"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163771" href="https://cwe-mitre-org.translate.goog/data/definitions/771.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Missing Reference to Active Allocated Resource <span class="cweid Primary"> - (771)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">771</span> <span class="thisName">(Missing Reference to Active Allocated Resource)</span> </div> <div id="summary_11541163771" class="defsummary"> The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. </div> </div> <div class="group" id="11541163910"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163910" href="https://cwe-mitre-org.translate.goog/data/definitions/910.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Expired File Descriptor <span class="cweid Primary"> - (910)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">910</span> <span class="thisName">(Use of Expired File Descriptor)</span> </div> <div id="summary_11541163910" class="defsummary"> The product uses or accesses a file descriptor after it has been closed. <span class="alt_terms"> <span>Stale file descriptor</span> </span> </div> </div> <div class="group" id="11541163666"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163666" href="https://cwe-mitre-org.translate.goog/data/definitions/666.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Operation on Resource in Wrong Phase of Lifetime <span class="cweid Primary"> - (666)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">666</span> <span class="thisName">(Operation on Resource in Wrong Phase of Lifetime)</span> </div> <div id="summary_11541163666" class="defsummary"> The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors. </div> </div> <div class="group" id="11541163672"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163672" href="https://cwe-mitre-org.translate.goog/data/definitions/672.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Operation on a Resource after Expiration or Release <span class="cweid Primary"> - (672)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">672</span> <span class="thisName">(Operation on a Resource after Expiration or Release)</span> </div> <div id="summary_11541163672" class="defsummary"> The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. </div> </div> <div class="group" id="11541163758"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163758" href="https://cwe-mitre-org.translate.goog/data/definitions/758.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Reliance on Undefined, Unspecified, or Implementation-Defined Behavior <span class="cweid Primary"> - (758)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">758</span> <span class="thisName">(Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)</span> </div> <div id="summary_11541163758" class="defsummary"> The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. </div> </div> <div class="group" id="11541163686"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163686" href="https://cwe-mitre-org.translate.goog/data/definitions/686.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Function Call With Incorrect Argument Type <span class="cweid Primary"> - (686)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">686</span> <span class="thisName">(Function Call With Incorrect Argument Type)</span> </div> <div id="summary_11541163686" class="defsummary"> The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. </div> </div> <div class="group" id="11541163685"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541163685" href="https://cwe-mitre-org.translate.goog/data/definitions/685.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Function Call With Incorrect Number of Arguments <span class="cweid Primary"> - (685)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1163</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO))</span> > <span class="thisId">685</span> <span class="thisName">(Function Call With Incorrect Number of Arguments)</span> </div> <div id="summary_11541163685" class="defsummary"> The product calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resultant weaknesses. </div> </div> </div> </div> <div class="group" id="11541165"><span> <a href="javascript:toggleblocks('11541165');"> <img id="img_11541165" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541165" href="https://cwe-mitre-org.translate.goog/data/definitions/1165.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 10. 
Environment (ENV) <span class="cweid Primary"> - (1165)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1165</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 10. Environment (ENV))</span> </div> <div id="summary_11541165" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Environment (ENV) section of the SEI CERT C Coding Standard. </div> <div name="block_11541165" id="block_11541165" class="collapseblock"> <div class="group" id="11541165705"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541165705" href="https://cwe-mitre-org.translate.goog/data/definitions/705.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Control Flow Scoping <span class="cweid Primary"> - (705)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1165</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 10. 
Environment (ENV))</span> > <span class="thisId">705</span> <span class="thisName">(Incorrect Control Flow Scoping)</span> </div> <div id="summary_11541165705" class="defsummary"> The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition. </div> </div> <div class="group" id="11541165676"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541165676" href="https://cwe-mitre-org.translate.goog/data/definitions/676.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Potentially Dangerous Function <span class="cweid Primary"> - (676)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1165</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 10. Environment (ENV))</span> > <span class="thisId">676</span> <span class="thisName">(Use of Potentially Dangerous Function)</span> </div> <div id="summary_11541165676" class="defsummary"> The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. 
</div> </div> <div class="group" id="1154116578"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="1154116578" href="https://cwe-mitre-org.translate.goog/data/definitions/78.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') <span class="cweid Primary"> - (78)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1165</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 10. Environment (ENV))</span> > <span class="thisId">78</span> <span class="thisName">(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))</span> </div> <div id="summary_1154116578" class="defsummary"> The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. 
<span class="alt_terms"> <span>Shell injection</span> <span>Shell metacharacters</span> <span>OS Command Injection</span> </span> </div> </div> <div class="group" id="1154116588"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="1154116588" href="https://cwe-mitre-org.translate.goog/data/definitions/88.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') <span class="cweid Primary"> - (88)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1165</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 10. Environment (ENV))</span> > <span class="thisId">88</span> <span class="thisName">(Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'))</span> </div> <div id="summary_1154116588" class="defsummary"> The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. 
</div> </div> </div> </div> <div class="group" id="11541166"><span> <a href="javascript:toggleblocks('11541166');"> <img id="img_11541166" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541166" href="https://cwe-mitre-org.translate.goog/data/definitions/1166.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) <span class="cweid Primary"> - (1166)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1166</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 11. Signals (SIG))</span> </div> <div id="summary_11541166" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Signals (SIG) section of the SEI CERT C Coding Standard. </div> <div name="block_11541166" id="block_11541166" class="collapseblock"> <div class="group" id="11541166479"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. 
Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541166479" href="https://cwe-mitre-org.translate.goog/data/definitions/479.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Signal Handler Use of a Non-reentrant Function <span class="cweid Primary"> - (479)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1166</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 11. Signals (SIG))</span> > <span class="thisId">479</span> <span class="thisName">(Signal Handler Use of a Non-reentrant Function)</span> </div> <div id="summary_11541166479" class="defsummary"> The product defines a signal handler that calls a non-reentrant function. </div> </div> <div class="group" id="11541166662"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541166662" href="https://cwe-mitre-org.translate.goog/data/definitions/662.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Synchronization <span class="cweid Primary"> - (662)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1166</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 11. Signals (SIG))</span> > <span class="thisId">662</span> <span class="thisName">(Improper Synchronization)</span> </div> <div id="summary_11541166662" class="defsummary"> The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes. </div> </div> </div> </div> <div class="group" id="11541167"><span> <a href="javascript:toggleblocks('11541167');"> <img id="img_11541167" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541167" href="https://cwe-mitre-org.translate.goog/data/definitions/1167.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 12. 
Error Handling (ERR) <span class="cweid Primary"> - (1167)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1167</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR))</span> </div> <div id="summary_11541167" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Error Handling (ERR) section of the SEI CERT C Coding Standard. </div> <div name="block_11541167" id="block_11541167" class="collapseblock"> <div class="group" id="11541167456"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541167456" href="https://cwe-mitre-org.translate.goog/data/definitions/456.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Missing Initialization of a Variable <span class="cweid Primary"> - (456)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1167</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 12. 
Error Handling (ERR))</span> > <span class="thisId">456</span> <span class="thisName">(Missing Initialization of a Variable)</span> </div> <div id="summary_11541167456" class="defsummary"> The product does not initialize critical variables, which causes the execution environment to use unexpected values. </div> </div> <div class="group" id="11541167391"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541167391" href="https://cwe-mitre-org.translate.goog/data/definitions/391.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Unchecked Error Condition <span class="cweid Primary"> - (391)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1167</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR))</span> > <span class="thisId">391</span> <span class="thisName">(Unchecked Error Condition)</span> </div> <div id="summary_11541167391" class="defsummary"> [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. 
</div> </div> <div class="group" id="11541167252"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541167252" href="https://cwe-mitre-org.translate.goog/data/definitions/252.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Unchecked Return Value <span class="cweid Primary"> - (252)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1167</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR))</span> > <span class="thisId">252</span> <span class="thisName">(Unchecked Return Value)</span> </div> <div id="summary_11541167252" class="defsummary"> The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. </div> </div> <div class="group" id="11541167253"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541167253" href="https://cwe-mitre-org.translate.goog/data/definitions/253.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Check of Function Return Value <span class="cweid Primary"> - (253)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1167</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR))</span> > <span class="thisId">253</span> <span class="thisName">(Incorrect Check of Function Return Value)</span> </div> <div id="summary_11541167253" class="defsummary"> The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions. </div> </div> <div class="group" id="11541167676"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541167676" href="https://cwe-mitre-org.translate.goog/data/definitions/676.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Potentially Dangerous Function <span class="cweid Primary"> - (676)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1167</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR))</span> > <span class="thisId">676</span> <span class="thisName">(Use of Potentially Dangerous Function)</span> </div> <div id="summary_11541167676" class="defsummary"> The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. </div> </div> <div class="group" id="11541167758"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541167758" href="https://cwe-mitre-org.translate.goog/data/definitions/758.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Reliance on Undefined, Unspecified, or Implementation-Defined Behavior <span class="cweid Primary"> - (758)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1167</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR))</span> > <span class="thisId">758</span> <span class="thisName">(Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)</span> </div> <div id="summary_11541167758" class="defsummary"> The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. </div> </div> </div> </div> <div class="group" id="11541168"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541168" href="https://cwe-mitre-org.translate.goog/data/definitions/1168.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 13. 
Application Programming Interfaces (API) <span class="cweid Primary"> - (1168)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1168</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API))</span> </div> <div id="summary_11541168" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Application Programming Interfaces (API) section of the SEI CERT C Coding Standard. </div> </div> <div class="group" id="11541169"><span> <a href="javascript:toggleblocks('11541169');"> <img id="img_11541169" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541169" href="https://cwe-mitre-org.translate.goog/data/definitions/1169.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) <span class="cweid Primary"> - (1169)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1169</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 14. 
Concurrency (CON))</span> </div> <div id="summary_11541169" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Concurrency (CON) section of the SEI CERT C Coding Standard. </div> <div name="block_11541169" id="block_11541169" class="collapseblock"> <div class="group" id="11541169667"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541169667" href="https://cwe-mitre-org.translate.goog/data/definitions/667.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Locking <span class="cweid Primary"> - (667)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1169</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON))</span> > <span class="thisId">667</span> <span class="thisName">(Improper Locking)</span> </div> <div id="summary_11541169667" class="defsummary"> The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. 
</div> </div> <div class="group" id="11541169366"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541169366" href="https://cwe-mitre-org.translate.goog/data/definitions/366.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Race Condition within a Thread <span class="cweid Primary"> - (366)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1169</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON))</span> > <span class="thisId">366</span> <span class="thisName">(Race Condition within a Thread)</span> </div> <div id="summary_11541169366" class="defsummary"> If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. 
</div> </div> <div class="group" id="11541169676"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541169676" href="https://cwe-mitre-org.translate.goog/data/definitions/676.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Potentially Dangerous Function <span class="cweid Primary"> - (676)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1169</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON))</span> > <span class="thisId">676</span> <span class="thisName">(Use of Potentially Dangerous Function)</span> </div> <div id="summary_11541169676" class="defsummary"> The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. </div> </div> <div class="group" id="11541169330"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. 
More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541169330" href="https://cwe-mitre-org.translate.goog/data/definitions/330.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Insufficiently Random Values <span class="cweid Primary"> - (330)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1169</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON))</span> > <span class="thisId">330</span> <span class="thisName">(Use of Insufficiently Random Values)</span> </div> <div id="summary_11541169330" class="defsummary"> The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. </div> </div> <div class="group" id="11541169377"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541169377" href="https://cwe-mitre-org.translate.goog/data/definitions/377.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Insecure Temporary File <span class="cweid Primary"> - (377)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1169</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON))</span> > <span class="thisId">377</span> <span class="thisName">(Insecure Temporary File)</span> </div> <div id="summary_11541169377" class="defsummary"> Creating and using insecure temporary files can leave application and system data vulnerable to attack. </div> </div> </div> </div> <div class="group" id="11541170"><span> <a href="javascript:toggleblocks('11541170');"> <img id="img_11541170" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541170" href="https://cwe-mitre-org.translate.goog/data/definitions/1170.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 48. 
Miscellaneous (MSC) <span class="cweid Primary"> - (1170)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1170</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC))</span> </div> <div id="summary_11541170" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) section of the SEI CERT C Coding Standard. </div> <div name="block_11541170" id="block_11541170" class="collapseblock"> <div class="group" id="11541170327"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541170327" href="https://cwe-mitre-org.translate.goog/data/definitions/327.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of a Broken or Risky Cryptographic Algorithm <span class="cweid Primary"> - (327)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1170</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 48. 
Miscellaneous (MSC))</span> > <span class="thisId">327</span> <span class="thisName">(Use of a Broken or Risky Cryptographic Algorithm)</span> </div> <div id="summary_11541170327" class="defsummary"> The product uses a broken or risky cryptographic algorithm or protocol. </div> </div> <div class="group" id="11541170330"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541170330" href="https://cwe-mitre-org.translate.goog/data/definitions/330.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Insufficiently Random Values <span class="cweid Primary"> - (330)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1170</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC))</span> > <span class="thisId">330</span> <span class="thisName">(Use of Insufficiently Random Values)</span> </div> <div id="summary_11541170330" class="defsummary"> The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. 
</div> </div> <div class="group" id="11541170338"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541170338" href="https://cwe-mitre-org.translate.goog/data/definitions/338.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) <span class="cweid Primary"> - (338)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1170</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC))</span> > <span class="thisId">338</span> <span class="thisName">(Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG))</span> </div> <div id="summary_11541170338" class="defsummary"> The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. 
</div> </div> <div class="group" id="11541170676"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541170676" href="https://cwe-mitre-org.translate.goog/data/definitions/676.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Potentially Dangerous Function <span class="cweid Primary"> - (676)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1170</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC))</span> > <span class="thisId">676</span> <span class="thisName">(Use of Potentially Dangerous Function)</span> </div> <div id="summary_11541170676" class="defsummary"> The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. 
</div> </div> <div class="group" id="11541170331"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541170331" href="https://cwe-mitre-org.translate.goog/data/definitions/331.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Insufficient Entropy <span class="cweid Primary"> - (331)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1170</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC))</span> > <span class="thisId">331</span> <span class="thisName">(Insufficient Entropy)</span> </div> <div id="summary_11541170331" class="defsummary"> The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. </div> </div> <div class="group" id="11541170758"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. 
More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541170758" href="https://cwe-mitre-org.translate.goog/data/definitions/758.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Reliance on Undefined, Unspecified, or Implementation-Defined Behavior <span class="cweid Primary"> - (758)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1170</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC))</span> > <span class="thisId">758</span> <span class="thisName">(Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)</span> </div> <div id="summary_11541170758" class="defsummary"> The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. 
</div> </div> </div> </div> <div class="group" id="11541171"><span> <a href="javascript:toggleblocks('11541171');"> <img id="img_11541171" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541171" href="https://cwe-mitre-org.translate.goog/data/definitions/1171.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) <span class="cweid Primary"> - (1171)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> </div> <div id="summary_11541171" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the POSIX (POS) section of the SEI CERT C Coding Standard. </div> <div name="block_11541171" id="block_11541171" class="collapseblock"> <div class="group" id="11541171170"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171170" href="https://cwe-mitre-org.translate.goog/data/definitions/170.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Null Termination <span class="cweid Primary"> - (170)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">170</span> <span class="thisName">(Improper Null Termination)</span> </div> <div id="summary_11541171170" class="defsummary"> The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. </div> </div> <div class="group" id="11541171242"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171242" href="https://cwe-mitre-org.translate.goog/data/definitions/242.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Use of Inherently Dangerous Function <span class="cweid Primary"> - (242)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">242</span> <span class="thisName">(Use of Inherently Dangerous Function)</span> </div> <div id="summary_11541171242" class="defsummary"> The product calls a function that can never be guaranteed to work safely. </div> </div> <div class="group" id="11541171363"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171363" href="https://cwe-mitre-org.translate.goog/data/definitions/363.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Race Condition Enabling Link Following <span class="cweid Primary"> - (363)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">363</span> <span class="thisName">(Race Condition Enabling Link Following)</span> </div> <div id="summary_11541171363" class="defsummary"> The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file. </div> </div> <div class="group" id="11541171696"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171696" href="https://cwe-mitre-org.translate.goog/data/definitions/696.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Behavior Order <span class="cweid Primary"> - (696)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">696</span> <span class="thisName">(Incorrect Behavior Order)</span> </div> <div id="summary_11541171696" class="defsummary"> The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses. </div> </div> <div class="group" id="11541171273"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171273" href="https://cwe-mitre-org.translate.goog/data/definitions/273.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Check for Dropped Privileges <span class="cweid Primary"> - (273)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">273</span> <span class="thisName">(Improper Check for Dropped Privileges)</span> </div> <div id="summary_11541171273" class="defsummary"> The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. </div> </div> <div class="group" id="11541171667"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/class.gif" alt="Class" class="icon"> <span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. 
Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171667" href="https://cwe-mitre-org.translate.goog/data/definitions/667.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Improper Locking <span class="cweid Primary"> - (667)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">667</span> <span class="thisName">(Improper Locking)</span> </div> <div id="summary_11541171667" class="defsummary"> The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. </div> </div> <div class="group" id="11541171391"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171391" href="https://cwe-mitre-org.translate.goog/data/definitions/391.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Unchecked Error Condition <span class="cweid Primary"> - (391)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">391</span> <span class="thisName">(Unchecked Error Condition)</span> </div> <div id="summary_11541171391" class="defsummary"> [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. </div> </div> <div class="group" id="11541171252"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171252" href="https://cwe-mitre-org.translate.goog/data/definitions/252.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Unchecked Return Value <span class="cweid Primary"> - (252)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">252</span> <span class="thisName">(Unchecked Return Value)</span> </div> <div id="summary_11541171252" class="defsummary"> The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. </div> </div> <div class="group" id="11541171253"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/base.gif" alt="Base" class="icon"> <span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. 
Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541171253" href="https://cwe-mitre-org.translate.goog/data/definitions/253.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Incorrect Check of Function Return Value <span class="cweid Primary"> - (253)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1171</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 50. POSIX (POS))</span> > <span class="thisId">253</span> <span class="thisName">(Incorrect Check of Function Return Value)</span> </div> <div id="summary_11541171253" class="defsummary"> The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions. </div> </div> </div> </div> <div class="group" id="11541172"><span> <a href="javascript:toggleblocks('11541172');"> <img id="img_11541172" src="/images/plus.gif" border="0" alt="+"> </a> </span> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/category.gif" alt="Category" class="icon"> <span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span> </span> </span> <span class="Primary"> <a name="11541172" href="https://cwe-mitre-org.translate.goog/data/definitions/1172.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> SEI CERT C Coding Standard - Guidelines 51. 
Microsoft Windows (WIN) <span class="cweid Primary"> - (1172)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1172</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN) )</span> </div> <div id="summary_11541172" class="defsummary"> Weaknesses in this category are related to the rules and recommendations in the Microsoft Windows (WIN) section of the SEI CERT C Coding Standard. </div> <div name="block_11541172" id="block_11541172" class="collapseblock"> <div class="group" id="11541172762"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541172762" href="https://cwe-mitre-org.translate.goog/data/definitions/762.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Mismatched Memory Management Routines <span class="cweid Primary"> - (762)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1172</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 51. 
Microsoft Windows (WIN) )</span> > <span class="thisId">762</span> <span class="thisName">(Mismatched Memory Management Routines)</span> </div> <div id="summary_11541172762" class="defsummary"> The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. </div> </div> <div class="group" id="11541172590"><img src="/images/bullet.gif" border="0" alt="*"> <span class="graph_title"> <span style="margin-left:3px; margin-right:3px" class="right"> <span class="tool"><img src="/images/icons/variant.gif" alt="Variant" class="icon"> <span class="tip">Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.</span> </span> </span> <span class="Primary"> <a name="11541172590" href="https://cwe-mitre-org.translate.goog/data/definitions/590.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB" target="_blank" rel="noopener noreferrer"> Free of Memory not on the Heap <span class="cweid Primary"> - (590)</span> </a> </span> </span> <div class="path hideIt" onclick="toggleNames(this);"><span class="thisId">1154</span> <span class="thisName">(Weaknesses Addressed by the SEI CERT C Coding Standard)</span> > <span class="thisId">1172</span> <span class="thisName">(SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN) )</span> > <span class="thisId">590</span> <span class="thisName">(Free of Memory not on the Heap)</span> </div> <div id="summary_11541172590" class="defsummary"> The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc(). 
</div> </div> </div> </div> </div> <div align="right" style="padding-top:5px; padding-bottom:5px; clear:right" class="noprint"> <a class="backtop" href="https://cwe-mitre-org.translate.goog/data/definitions/1154.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB#top">Back to top</a> </div><a xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Definition"></a> <div xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="DefPane"></div> </div> </div> </div> </div> </div> <div id="Vulnerability_Mapping_Notes"> <div class="heading" id="Vulnerability_Mapping_Notes_1154"> <span><a href="javascript:toggleblocksOC('1154_Vulnerability_Mapping_Notes');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_Vulnerability_Mapping_Notes" src="/images/head_more.gif" border="0" alt="+"></a> </span>Vulnerability Mapping Notes </div> <div name="oc_1154_Vulnerability_Mapping_Notes" id="oc_1154_Vulnerability_Mapping_Notes" class="expandblock"> <div class="detail"> <div class="indent"> <div id="Grouped"> <table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <tbody> <tr> <td><p class="subheading" style="display:inline-block;">Usage: <span style="color:#FF0000"> PROHIBITED </span></p> <div style="font-size:90%; font-style:italic; padding:5px;display:inline-block;"> (this CWE ID must not be used to map to real-world vulnerabilities) </div></td> </tr> <tr> <td valign="top" width="100%"><p><span class="suboptheading">Reason: </span> View</p></td> </tr> <tr> <td><p class="suboptheading">Rationale:</p> This entry is a View. 
Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.</td> </tr> <tr> <td><p class="suboptheading">Comments:</p>Use this View or other Views to search and navigate for the appropriate weakness.</td> </tr> </tbody> </table> </div> </div> </div> </div> </div> <div id="Notes"> <div class="heading" id="Notes_1154"> <span><a href="javascript:toggleblocksOC('1154_Notes');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_Notes" src="/images/head_more.gif" border="0" alt="+"></a> </span>Notes </div> <div name="oc_1154_Notes" id="oc_1154_Notes" class="expandblock"> <div class="detail"> <div class="indent"> <div class="Relationship_Note"> <p class="subheading">Relationship</p> <div class="indent"> The relationships in this view were determined based on specific statements within the rules from the standard. Not all rules have direct relationships to individual weaknesses, although they likely have chaining relationships in specific circumstances. </div> </div> </div> </div> </div> </div> <div id="References"> <div class="heading" id="References_1154"> <span><a href="javascript:toggleblocksOC('1154_References');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_References" src="/images/head_more.gif" border="0" alt="+"></a> </span>References </div> <div name="oc_1154_References" id="oc_1154_References" class="expandblock"> <div class="detail"> <div class="indent"> <div id="Grouped"> <table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <tbody> <tr> <td valign="top"> <div id="REF-598_1154"> [REF-598] The Software Engineering Institute. "SEI CERT C Coding Standard". <<a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://wiki.sei.cmu.edu/confluence/display/c/SEI%2BCERT%2BC%2BCoding%2BStandard" target="_blank" rel="noopener noreferrer">https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard</a>>. 
</div></td> </tr> </tbody> </table> </div> </div> </div> </div> </div> <div id="View_Metrics"> <div class="heading" id="View_Metrics_1154"> <span><a href="javascript:toggleblocksOC('1154_View_Metrics');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_View_Metrics" src="/images/head_more.gif" border="0" alt="+"></a> </span>View Metrics </div> <div name="oc_1154_View_Metrics" id="oc_1154_View_Metrics" class="expandblock"> <div class="tabledetail"> <div class="indent"> <div xmlns:saxon="http://saxon.sf.net/" xmlns:xalan="http://xml.apache.org/xalan" id="Detail"> <table cellpadding="0" cellspacing="0" border="0" width="98%"> <tbody> <tr> <th class="title" valign="top" width="120px"></th> <th class="title" valign="top">CWEs in this view</th> <th class="title" valign="top" width="60px"></th> <th class="title" valign="top" width="60%">Total CWEs</th> </tr> <tr> <td valign="top"><b>Weaknesses</b></td> <td valign="top">78</td> <td valign="top" nowrap>out of</td> <td valign="top">940</td> </tr> <tr> <td valign="top"><b>Categories</b></td> <td valign="top">17</td> <td valign="top" nowrap>out of</td> <td valign="top">374</td> </tr> <tr> <td valign="top"><b>Views</b></td> <td valign="top">0</td> <td valign="top" nowrap>out of</td> <td valign="top">51</td> </tr> <tr> <td valign="top" class="ltgreybackground"><b>Total</b></td> <td valign="top" class="ltgreybackground"><b>95</b></td> <td valign="top" class="ltgreybackground" nowrap>out of</td> <td valign="top" class="ltgreybackground">1365</td> </tr> </tbody> </table> </div> </div> </div> </div> </div> <div id="Content_History"> <div class="heading" id="Content_History_1154"> <span><a href="javascript:toggleblocksOC('1154_Content_History');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_Content_History" src="/images/head_more.gif" border="0" alt="+"></a> </span>Content History </div> <div name="oc_1154_Content_History" id="oc_1154_Content_History" class="expandblock"> <div class="tabledetail"> <div 
class="indent"> <div style="margin-top: 10px"> <table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <thead class="Submissions"> <tr> <th valign="top" colspan="3" class="title"><span><a href="javascript:toggleblocksOC('1154_Submissions');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_Submissions" src="/images/head_more.gif" border="0" alt="+"></a> </span>Submissions</th> </tr> </thead> <tbody id="oc_1154_Submissions" class="expandblock"> <tr> <th valign="top" style="width:200px;">Submission Date</th> <th valign="top" nowrap>Submitter</th> <th valign="top" nowrap>Organization</th> </tr> <tr> <td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2018-12-18 <br><span class="smaller" style="font-style:italic">(CWE 3.2, 2019-01-03)</span></td> <td valign="top">CWE Content Team</td> <td valign="top">MITRE</td> </tr> <tr> <td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee"></td> </tr> </tbody> <thead class="Modifications"> <tr> <th valign="top" colspan="3" class="title"><span><a href="javascript:toggleblocksOC('1154_Modifications');?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB"><img id="ocimg_1154_Modifications" src="/images/head_less.gif" border="0" alt="+"></a> </span>Modifications</th> </tr> </thead> <tbody id="oc_1154_Modifications" class="collapseblock"> <tr> <th valign="top">Modification Date</th> <th valign="top" nowrap>Modifier</th> <th valign="top" nowrap>Organization</th> </tr> <tr> <td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2020-02-24</td> <td valign="top">CWE Content Team</td> <td valign="top">MITRE</td> </tr> <tr> <td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated View_Audience</td> </tr> <tr> <td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2023-06-29</td> <td valign="top">CWE Content Team</td> <td valign="top">MITRE</td> 
</tr> <tr> <td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Mapping_Notes</td> </tr> </tbody> </table> </div> </div> </div> </div> </div> </div> <!-- End main content --> <div id="More_Message_Custom" style="display:none;"> <div style="padding:15px 0px 0px 0px;color:#ff0000;font-size:95%;font-weight:bold;text-align:center;"> More information is available — Please edit the custom filter or select a different filter. </div> </div></td><!-- end content pane --> </tr> </tbody> </table> <div id="FootPane" class="noprint"> <div id="footbar"><b>Page Last Updated: </b> November 19, 2024 </div> <div class="Footer noprint"><a name="footer" id="footer"></a> <p>Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the <a href="https://cwe-mitre-org.translate.goog/about/termsofuse.html?_x_tr_sl=pl&_x_tr_tl=lv&_x_tr_hl=en-GB">Terms of Use</a>. 
CWE is sponsored by the <a target="_blank" rel="noopener noreferrer" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.dhs.gov/">U.S. Department of Homeland Security</a> (DHS) <a target="_blank" rel="noopener noreferrer" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.dhs.gov/cisa/cybersecurity-division">Cybersecurity and Infrastructure Security Agency</a> (CISA) and managed by the <a href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer">Homeland Security Systems Engineering and Development Institute</a> (HSSEDI) which is operated by <a target="_blank" rel="noopener noreferrer" href="https://translate.google.com/website?sl=pl&tl=lv&hl=en-GB&u=http://www.mitre.org/">The MITRE Corporation</a> (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.</p> </div> </div> </body> </html>