Category: CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)
Incomplete
Summary
Weaknesses in this category are related to rules in the Miscellaneous (MSC) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-116 | Improper Encoding or Escaping of Output | The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. |
| CWE-14 | Compiler Removal of Code to Clear Buffers | Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal." |
| CWE-176 | Improper Handling of Unicode Encoding | The product does not properly handle when an input contains Unicode encoding. |
| CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | The product uses a broken or risky cryptographic algorithm or protocol. |
| CWE-330 | Use of Insufficiently Random Values | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. |
| CWE-480 | Use of Incorrect Operator | The product accidentally uses the wrong operator, which changes the logic in security-relevant ways. |
| CWE-482 | Comparing instead of Assigning | The code uses an operator for comparison when the intention was to perform an assignment. |
| CWE-561 | Dead Code | The product contains dead code, which can never be executed. |
| CWE-563 | Assignment to Variable without Use | The variable's value is assigned but never used, making it a dead store. |
| CWE-570 | Expression is Always False | The product contains an expression that will always evaluate to false. |
| CWE-571 | Expression is Always True | The product contains an expression that will always evaluate to true. |
| CWE-697 | Incorrect Comparison | The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
| CWE-704 | Incorrect Type Conversion or Cast | The product does not correctly convert an object, resource, or structure from one type to a different type. |
| CWE-868 | Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version) | CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016. This view is no longer being actively maintained, since it statically represents the coding rules as they were in 2016. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.