Category: SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
Stable
Summary
Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT C Coding Standard.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-125 | Out-of-bounds Read | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-476 | NULL Pointer Dereference | The product dereferences a pointer that it expects to be valid but is NULL. |
| CWE-480 | Use of Incorrect Operator | The product accidentally uses the wrong operator, which changes the logic in security-relevant ways. |
| CWE-481 | Assigning instead of Comparing | The code uses an operator for assignment when the intention was to perform a comparison. |
| CWE-628 | Function Call with Incorrectly Specified Arguments | The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses. |
| CWE-685 | Function Call With Incorrect Number of Arguments | The product calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resultant weaknesses. |
| CWE-686 | Function Call With Incorrect Argument Type | The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference | The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. |
| CWE-704 | Incorrect Type Conversion or Cast | The product does not correctly convert an object, resource, or structure from one type to a different type. |
| CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
| CWE-908 | Use of Uninitialized Resource | The product uses or accesses a resource that has not been initialized. |
| CWE-1154 | Weaknesses Addressed by the SEI CERT C Coding Standard | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT C Coding Standard. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.