1. Home
  2. Weaknesses
  3. CWE-659

CWE-659: Weaknesses in Software Written in C++

ID CWE-659
Type Implicit
Status Draft
Detail Web & Social
This view (slice) covers issues that are found in C++ programs that are not common to all languages.

Relationships

Type # ID Name Abstraction Structure Status
Weakness CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Class Simple Stable
Weakness CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Base Simple Incomplete
Weakness CWE-121 Stack-based Buffer Overflow Variant Simple Draft
Weakness CWE-122 Heap-based Buffer Overflow Variant Simple Draft
Weakness CWE-123 Write-what-where Condition Base Simple Draft
Weakness CWE-124 Buffer Underwrite ('Buffer Underflow') Base Simple Incomplete
Weakness CWE-125 Out-of-bounds Read Base Simple Draft
Weakness CWE-126 Buffer Over-read Variant Simple Draft
Weakness CWE-127 Buffer Under-read Variant Simple Draft
Weakness CWE-128 Wrap-around Error Base Simple Incomplete
Weakness CWE-129 Improper Validation of Array Index Variant Simple Draft
Weakness CWE-130 Improper Handling of Length Parameter Inconsistency Base Simple Incomplete
Weakness CWE-131 Incorrect Calculation of Buffer Size Base Simple Draft
Weakness CWE-1325 Improperly Controlled Sequential Memory Allocation Base Simple Incomplete
Weakness CWE-1335 Incorrect Bitwise Shift of Integer Base Simple Draft
Weakness CWE-134 Use of Externally-Controlled Format String Base Simple Draft
Weakness CWE-1341 Multiple Releases of Same Resource or Handle Base Simple Incomplete
Weakness CWE-135 Incorrect Calculation of Multi-Byte String Length Base Simple Draft
Weakness CWE-14 Compiler Removal of Code to Clear Buffers Variant Simple Draft
Weakness CWE-170 Improper Null Termination Base Simple Incomplete
Weakness CWE-188 Reliance on Data/Memory Layout Base Simple Draft
Weakness CWE-191 Integer Underflow (Wrap or Wraparound) Base Simple Draft
Weakness CWE-192 Integer Coercion Error Variant Simple Incomplete
Weakness CWE-194 Unexpected Sign Extension Variant Simple Incomplete
Weakness CWE-195 Signed to Unsigned Conversion Error Variant Simple Draft
Weakness CWE-196 Unsigned to Signed Conversion Error Variant Simple Draft
Weakness CWE-197 Numeric Truncation Error Base Simple Incomplete
Weakness CWE-242 Use of Inherently Dangerous Function Base Simple Draft
Weakness CWE-243 Creation of chroot Jail Without Changing Working Directory Variant Simple Draft
Weakness CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') Variant Simple Draft
Weakness CWE-248 Uncaught Exception Base Simple Draft
Weakness CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Class Simple Draft
Weakness CWE-364 Signal Handler Race Condition Base Simple Incomplete
Weakness CWE-366 Race Condition within a Thread Base Simple Draft
Weakness CWE-374 Passing Mutable Objects to an Untrusted Method Base Simple Draft
Weakness CWE-375 Returning a Mutable Object to an Untrusted Caller Base Simple Draft
Weakness CWE-396 Declaration of Catch for Generic Exception Base Simple Draft
Weakness CWE-397 Declaration of Throws for Generic Exception Base Simple Draft
Weakness CWE-401 Missing Release of Memory after Effective Lifetime Variant Simple Draft
Weakness CWE-415 Double Free Variant Simple Draft
Weakness CWE-416 Use After Free Variant Simple Stable
Weakness CWE-457 Use of Uninitialized Variable Variant Simple Draft
Weakness CWE-460 Improper Cleanup on Thrown Exception Base Simple Draft
Weakness CWE-462 Duplicate Key in Associative List (Alist) Variant Simple Incomplete
Weakness CWE-463 Deletion of Data Structure Sentinel Base Simple Incomplete
Weakness CWE-464 Addition of Data Structure Sentinel Base Simple Incomplete
Weakness CWE-466 Return of Pointer Value Outside of Expected Range Base Simple Draft
Weakness CWE-467 Use of sizeof() on a Pointer Type Variant Simple Draft
Weakness CWE-468 Incorrect Pointer Scaling Base Simple Incomplete
Weakness CWE-469 Use of Pointer Subtraction to Determine Size Base Simple Draft
Weakness CWE-476 NULL Pointer Dereference Base Simple Stable
Weakness CWE-478 Missing Default Case in Multiple Condition Expression Base Simple Draft
Weakness CWE-479 Signal Handler Use of a Non-reentrant Function Variant Simple Draft
Weakness CWE-480 Use of Incorrect Operator Base Simple Draft
Weakness CWE-481 Assigning instead of Comparing Variant Simple Draft
Weakness CWE-482 Comparing instead of Assigning Variant Simple Draft
Weakness CWE-483 Incorrect Block Delimitation Base Simple Draft
Weakness CWE-484 Omitted Break Statement in Switch Base Simple Draft
Weakness CWE-493 Critical Public Variable Without Final Modifier Variant Simple Draft
Weakness CWE-495 Private Data Structure Returned From A Public Method Variant Simple Draft
Weakness CWE-496 Public Data Assigned to Private Array-Typed Field Variant Simple Incomplete
Weakness CWE-498 Cloneable Class Containing Sensitive Information Variant Simple Draft
Weakness CWE-500 Public Static Field Not Marked Final Variant Simple Draft
Weakness CWE-543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context Variant Simple Incomplete
Weakness CWE-558 Use of getlogin() in Multithreaded Application Variant Simple Draft
Weakness CWE-562 Return of Stack Variable Address Base Simple Draft
Weakness CWE-587 Assignment of a Fixed Address to a Pointer Variant Simple Draft
Weakness CWE-676 Use of Potentially Dangerous Function Base Simple Draft
Weakness CWE-690 Unchecked Return Value to NULL Pointer Dereference Compound Chain Draft
Weakness CWE-704 Incorrect Type Conversion or Cast Class Simple Incomplete
Weakness CWE-733 Compiler Optimization Removal or Modification of Security-critical Code Base Simple Incomplete
Weakness CWE-762 Mismatched Memory Management Routines Variant Simple Incomplete
Weakness CWE-766 Critical Data Element Declared Public Base Simple Incomplete
Weakness CWE-767 Access to Critical Private Variable via Public Method Base Simple Incomplete
Weakness CWE-781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code Variant Simple Draft
Weakness CWE-782 Exposed IOCTL with Insufficient Access Control Variant Simple Draft
Weakness CWE-783 Operator Precedence Logic Error Base Simple Draft
Weakness CWE-785 Use of Path Manipulation Function without Maximum-sized Buffer Variant Simple Incomplete
Weakness CWE-787 Out-of-bounds Write Base Simple Draft
Weakness CWE-789 Memory Allocation with Excessive Size Value Variant Simple Draft
Weakness CWE-805 Buffer Access with Incorrect Length Value Base Simple Incomplete
Weakness CWE-806 Buffer Access Using Size of Source Buffer Variant Simple Incomplete
Weakness CWE-839 Numeric Range Comparison Without Minimum Check Base Simple Incomplete
Weakness CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') Base Simple Incomplete
Weakness CWE-910 Use of Expired File Descriptor Base Simple Incomplete
Weakness CWE-911 Improper Update of Reference Count Base Simple Incomplete