A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to improper handling of pointers.
The product accesses or uses a pointer that has not been initialized.
The product sets a pointer to a specific address other than NULL or 0.
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the result...
The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...