Weaknesses in Software Written in C

A view in the Common Weakness Enumeration published by The MITRE Corporation.


Objective

Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.

This view (slice) covers issues that are found in C programs that are not common to all languages.

Weaknesses

Access of Resource Using Incompatible Type ('Type Confusion')

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompa...

Addition of Data Structure Sentinel

The accidental addition of a data-structure sentinel can cause serious programming logic problems.

Assigning instead of Comparing

The code uses an operator for assignment when the intention was to perform a comparison.

Assignment of a Fixed Address to a Pointer

The software sets a pointer to a specific address other than NULL or 0.

Buffer Access Using Size of Source Buffer

The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds o...

Buffer Access with Incorrect Length Value

The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds...

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buf...

Buffer Over-read

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Buffer Under-read

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

Buffer Underwrite ('Buffer Underflow')

The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

Comparing instead of Assigning

The code uses an operator for comparison when the intention was to perform an assignment.

Compiler Optimization Removal or Modification of Security-critical Code

The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.

Compiler Removal of Code to Clear Buffers

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...

Creation of chroot Jail Without Changing Working Directory

The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the j...

Deletion of Data Structure Sentinel

The accidental deletion of a data-structure sentinel can cause serious programming logic problems.

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Duplicate Key in Associative List (Alist)

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

Exposed IOCTL with Insufficient Access Control

The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

Function Call With Incorrect Number of Arguments

The software calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resul...

Function Call With Incorrect Variable or Reference as Argument

The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined beh...

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer ...

Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.

Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

Improper Handling of Length Parameter Inconsistency

The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the a...

Improper Null Termination

The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

Improper Restriction of Operations within the Bounds of a Memory Buffer

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Improper Update of Reference Count

The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...

Improperly Controlled Sequential Memory Allocation

The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memor...

Incorrect Bitwise Shift of Integer

An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected ...

Incorrect Block Delimitation

The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.

Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Incorrect Calculation of Multi-Byte String Length

The software does not correctly calculate the length of strings that can contain wide or multi-byte characters.

Incorrect Pointer Scaling

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

Integer Coercion Error

Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the co...

Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of mem...

Mismatched Memory Management Routines

The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used t...

Missing Default Case in Switch Statement

The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.

Missing Release of Memory after Effective Lifetime

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Numeric Range Comparison Without Minimum Check

The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.

Numeric Truncation Error

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

Omitted Break Statement in Switch

The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...

Operator Precedence Logic Error

The program uses an expression in which operator precedence causes incorrect logic to be used.

Out-of-bounds Read

The software reads data past the end, or before the beginning, of the intended buffer.

Out-of-bounds Write

The software writes data past the end, or before the beginning, of the intended buffer.

Passing Mutable Objects to an Untrusted Method

The program sends non-cloned mutable data as an argument to a method or function.

Permission Race Condition During Resource Copy

The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to...

Private Data Structure Returned From A Public Method

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

Public Data Assigned to Private Array-Typed Field

Assigning public data to a private array is equivalent to giving public access to the array.

Race Condition in Switch

The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.

Race Condition within a Thread

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution...

Reliance on Data/Memory Layout

The software makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.

Return of Pointer Value Outside of Expected Range

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

Return of Stack Variable Address

A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.

Returning a Mutable Object to an Untrusted Caller

Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.

Signal Handler Race Condition

The software uses a signal handler that introduces a race condition.

Signal Handler Use of a Non-reentrant Function

The program defines a signal handler that calls a non-reentrant function.

Signed to Unsigned Conversion Error

The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not b...

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter ...

Unchecked Return Value to NULL Pointer Dereference

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer der...

Unexpected Sign Extension

The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative,...

Unsigned to Signed Conversion Error

The software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not...

Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Use of Expired File Descriptor

The software uses or accesses a file descriptor after it has been closed.

Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

Use of Function with Inconsistent Implementations

The code uses a function that has inconsistent implementations across operating systems and versions.

Use of getlogin() in Multithreaded Application

The application uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.

Use of Incorrect Operator

The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.

Use of Inherently Dangerous Function

The program calls a function that can never be guaranteed to work safely.

Use of Path Manipulation Function without Maximum-sized Buffer

The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.

Use of Pointer Subtraction to Determine Size

The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory ch...

Use of Potentially Dangerous Function

The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Use of sizeof() on a Pointer Type

The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine ...

Use of umask() with chmod-style Argument

The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().

Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

Wrap-around Error

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

Write-what-where Condition

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.