Category: SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)
Stable
Summary
Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) section of the SEI CERT C Coding Standard.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-123 | Write-what-where Condition | Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. |
| CWE-125 | Out-of-bounds Read | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-129 | Improper Validation of Array Index | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
| CWE-468 | Incorrect Pointer Scaling | In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. |
| CWE-469 | Use of Pointer Subtraction to Determine Size | The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk. |
| CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. |
| CWE-786 | Access of Memory Location Before Start of Buffer | The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
| CWE-805 | Buffer Access with Incorrect Length Value | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
| CWE-1154 | Weaknesses Addressed by the SEI CERT C Coding Standard | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT C Coding Standard. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.