A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to improper handling of pointers.
The program accesses or uses a pointer that has not been initialized.
The software sets a pointer to a specific address other than NULL or 0.
Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.
The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the result...
The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory ch...
The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine ...
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...