Category: Comprehensive Categorization: Memory Safety
Incomplete
Summary
Weaknesses in this category are related to memory safety.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-123 | Write-what-where Condition | Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. |
| CWE-124 | Buffer Underwrite ('Buffer Underflow') | The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
| CWE-125 | Out-of-bounds Read | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-126 | Buffer Over-read | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
| CWE-127 | Buffer Under-read | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer. |
| CWE-129 | Improper Validation of Array Index | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
| CWE-131 | Incorrect Calculation of Buffer Size | The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |
| CWE-134 | Use of Externally-Controlled Format String | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
| CWE-188 | Reliance on Data/Memory Layout | The product makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior. |
| CWE-198 | Use of Incorrect Byte Ordering | The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used. |
| CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory. |
| CWE-401 | Missing Release of Memory after Effective Lifetime | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
| CWE-415 | Double Free | The product calls free() twice on the same memory address. |
| CWE-416 | Use After Free | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
| CWE-466 | Return of Pointer Value Outside of Expected Range | A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference. |
| CWE-562 | Return of Stack Variable Address | A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash. |
| CWE-587 | Assignment of a Fixed Address to a Pointer | The product sets a pointer to a specific address other than NULL or 0. |
| CWE-590 | Free of Memory not on the Heap | The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc(). |
| CWE-680 | Integer Overflow to Buffer Overflow | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference | The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. |
| CWE-761 | Free of Pointer not at Start of Buffer | The product calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer. |
| CWE-762 | Mismatched Memory Management Routines | The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. |
| CWE-763 | Release of Invalid Pointer or Reference | The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. |
| CWE-786 | Access of Memory Location Before Start of Buffer | The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
| CWE-787 | Out-of-bounds Write | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-788 | Access of Memory Location After End of Buffer | The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. |
| CWE-789 | Memory Allocation with Excessive Size Value | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
| CWE-805 | Buffer Access with Incorrect Length Value | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
| CWE-806 | Buffer Access Using Size of Source Buffer | The product uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer. |
| CWE-822 | Untrusted Pointer Dereference | The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |
| CWE-823 | Use of Out-of-range Pointer Offset | The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |
| CWE-824 | Access of Uninitialized Pointer | The product accesses or uses a pointer that has not been initialized. |
| CWE-825 | Expired Pointer Dereference | The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].
Comment:
See member weaknesses of this category.