Category: CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
Obsolete
Summary
Weaknesses in this category are related to the rules and recommendations in the POSIX (POS) appendix of the CERT C Secure Coding Standard (2008).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-170 | Improper Null Termination | The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. |
| CWE-242 | Use of Inherently Dangerous Function | The product calls a function that can never be guaranteed to work safely. |
| CWE-272 | Least Privilege Violation | The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. |
| CWE-273 | Improper Check for Dropped Privileges | The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. |
| CWE-363 | Race Condition Enabling Link Following | The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file. |
| CWE-366 | Race Condition within a Thread | If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. |
| CWE-562 | Return of Stack Variable Address | A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash. |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
| CWE-667 | Improper Locking | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
| CWE-686 | Function Call With Incorrect Argument Type | The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. |
| CWE-696 | Incorrect Behavior Order | The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses. |
| CWE-734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.