970 indexed
CWECWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
47 in Memory · 970 total
| ID | Title | Summary |
|---|---|---|
| CWE-1098 | Data Element containing Pointer Item without Proper Copy Control Element | The code contains a data element with a pointer that does not have an associated copy or constructor method. |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in… |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a pa… |
| CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the… |
| CWE-124 | Buffer Underwrite ('Buffer Underflow') | The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
| CWE-125 | Out-of-bounds Read | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untr… |
| CWE-126 | Buffer Over-read | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
| CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | The product allows address regions to overlap, which can result in the bypassing of intended memory protection. |
| CWE-127 | Buffer Under-read | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer. |
| CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code | The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have suffic… |
| CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-prog… |
| CWE-131 | Incorrect Calculation of Buffer Size | The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |
| CWE-1325 | Improperly Controlled Sequential Memory Allocation | The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount … |
| CWE-1330 | Remanent Data Readable after Memory Erase | Confidential information stored in memory circuits is readable or recoverable after being cleared or erased. |
| CWE-14 | Compiler Removal of Code to Clear Buffers | Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store… |
| CWE-188 | Reliance on Data/Memory Layout | The product makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior. |
| CWE-190 | Integer Overflow or Wraparound | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will al… |
| CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory… |
| CWE-395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer. |
| CWE-401 | Missing Release of Memory after Effective Lifetime | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
| CWE-416 | Use After Free | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while… |
| CWE-466 | Return of Pointer Value Outside of Expected Range | A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference. |
| CWE-467 | Use of sizeof() on a Pointer Type | The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being poi… |
| CWE-468 | Incorrect Pointer Scaling | In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. |
| CWE-469 | Use of Pointer Subtraction to Determine Size | The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memor… |
| CWE-476 | NULL Pointer Dereference | The product dereferences a pointer that it expects to be valid but is NULL. |
| CWE-587 | Assignment of a Fixed Address to a Pointer | The product sets a pointer to a specific address other than NULL or 0. Using a fixed address is not portable, because that address will probably not be valid … |
| CWE-588 | Attempt to Access Child of a Non-structure Pointer | Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption. |
| CWE-590 | Free of Memory not on the Heap | The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc(). Wh… |
| CWE-680 | Integer Overflow to Buffer Overflow | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than exp… |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference | The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL poi… |
| CWE-761 | Free of Pointer not at Start of Buffer | The product calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer. |
| CWE-762 | Mismatched Memory Management Routines | The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally us… |
| CWE-763 | Release of Invalid Pointer or Reference | The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. |
| CWE-785 | Use of Path Manipulation Function without Maximum-sized Buffer | The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PA… |
| CWE-786 | Access of Memory Location Before Start of Buffer | The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This typically occur… |
| CWE-787 | Out-of-bounds Write | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-788 | Access of Memory Location After End of Buffer | The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a … |
| CWE-789 | Memory Allocation with Excessive Size Value | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amount… |
| CWE-805 | Buffer Access with Incorrect Length Value | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the… |
| CWE-806 | Buffer Access Using Size of Source Buffer | The product uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the b… |
| CWE-822 | Untrusted Pointer Dereference | The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |
| CWE-823 | Use of Out-of-range Pointer Offset | The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for th… |
| CWE-824 | Access of Uninitialized Pointer | The product accesses or uses a pointer that has not been initialized. |
| CWE-825 | Expired Pointer Dereference | The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. When a product releases memory, but … |