Category: CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
Obsolete
Summary
Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) chapter of the CERT C Secure Coding Standard (2008).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-14 | Compiler Removal of Code to Clear Buffers | Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal." |
| CWE-176 | Improper Handling of Unicode Encoding | The product does not properly handle when an input contains Unicode encoding. |
| CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-330 | Use of Insufficiently Random Values | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. |
| CWE-480 | Use of Incorrect Operator | The product accidentally uses the wrong operator, which changes the logic in security-relevant ways. |
| CWE-482 | Comparing instead of Assigning | The code uses an operator for comparison when the intention was to perform an assignment. |
| CWE-561 | Dead Code | The product contains dead code, which can never be executed. |
| CWE-563 | Assignment to Variable without Use | The variable's value is assigned but never used, making it a dead store. |
| CWE-570 | Expression is Always False | The product contains an expression that will always evaluate to false. |
| CWE-571 | Expression is Always True | The product contains an expression that will always evaluate to true. |
| CWE-697 | Incorrect Comparison | The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
| CWE-704 | Incorrect Type Conversion or Cast | The product does not correctly convert an object, resource, or structure from one type to a different type. |
| CWE-734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.