Weaknesses in this category are related to rules in the Integers (INT) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.

| ID | Name | Description |
|---|---|---|
| CWE-129 | Improper Validation of Array Index | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
| CWE-190 | Integer Overflow or Wraparound | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
| CWE-192 | Integer Coercion Error | Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. |
| CWE-197 | Numeric Truncation Error | Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. |
| CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-369 | Divide By Zero | The product divides a value by zero. |
| CWE-466 | Return of Pointer Value Outside of Expected Range | A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference. |
| CWE-587 | Assignment of a Fixed Address to a Pointer | The product sets a pointer to a specific address other than NULL or 0. |
| CWE-606 | Unchecked Input for Loop Condition | The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping. |
| CWE-676 | Use of Potentially Dangerous Function | The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. |
| CWE-681 | Incorrect Conversion between Numeric Types | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. |
| CWE-682 | Incorrect Calculation | The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. |
| CWE-868 | Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version) | CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016. This view is no longer being actively maintained, since it statically represents the coding rules as they were in 2016. |