CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to rules in the Miscellaneous (MSC) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.
The variable's value is assigned but never used, making it a dead store.
The code uses an operator for comparison when the intention was to perform an assignment.
Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."
The product contains dead code, which can never be executed.
The product contains an expression that will always evaluate to false.
The product contains an expression that will always evaluate to true.
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a re...
The product does not properly handle when an input contains Unicode encoding.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
The product does not correctly convert an object, resource, or structure from one type to a different type.
The product uses a broken or risky cryptographic algorithm or protocol.
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Deprecated or Obsolete
CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016. This view is no longer being ac...