This page was automatically generated and should not be edited.
The information on this page was provided by outside contributors and has not been verified by SEI CERT.

| CERT Rule | Related Guidelines |
|---|---|
| EXP30-C | CWE-758 |
| EXP33-C | CWE-456 |
| EXP33-C | CWE-457 |
| EXP33-C | CWE-758 |
| EXP33-C | CWE-908 |
| EXP34-C | CWE-476, NULL Pointer Dereference |
| EXP37-C | CWE-628, Function Call with Incorrectly Specified Arguments |
| EXP39-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| EXP39-C | CWE-125, Out-of-bounds Read |
| EXP39-C | CWE-704 |
| EXP45-C | CWE-480, Use of Incorrect Operator |
| EXP45-C | CWE-481 |
| EXP46-C | CWE-480, Use of incorrect operator |
| EXP46-C | CWE-569 |
| INT30-C | CWE-190, Integer Overflow or Wraparound |
| INT30-C | CWE-131 |
| INT30-C | CWE-191 |
| INT30-C | CWE-680 |
| INT31-C | CWE-192, Integer Coercion Error |
| INT31-C | CWE-197, Numeric Truncation Error |
| INT31-C | CWE-681, Incorrect Conversion between Numeric Types |
| INT31-C | CWE-704 |
| INT32-C | CWE-190, Integer Overflow or Wraparound |
| INT32-C | CWE-191 |
| INT32-C | CWE-680 |
| INT33-C | CWE-369, Divide By Zero |
| INT34-C | CWE-682 |
| INT34-C | CWE-758 |
| INT35-C | CWE-681, Incorrect Conversion between Numeric Types |
| INT36-C | CWE-587, Assignment of a Fixed Address to a Pointer |
| INT36-C | CWE-704 |
| INT36-C | CWE-758 |
| FLP32-C | CWE-682, Incorrect Calculation |
| FLP34-C | CWE-681, Incorrect Conversion between Numeric Types |
| FLP34-C | CWE-197 |
| ARR30-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| ARR30-C | CWE-123, Write-what-where Condition |
| ARR30-C | CWE-125, Out-of-bounds Read |
| ARR32-C | CWE-758 |
| ARR36-C | CWE-469, Use of Pointer Subtraction to Determine Size |
| ARR38-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| ARR38-C | CWE-121, Stack-based Buffer Overflow |
| ARR38-C | CWE-123, Write-what-where Condition |
| ARR38-C | CWE-125, Out-of-bounds Read |
| ARR38-C | CWE-805, Buffer Access with Incorrect Length Value |
| ARR39-C | CWE-468, Incorrect Pointer Scaling |
| STR31-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| STR31-C | CWE-120, Buffer Copy without Checking Size of Input ("Classic Buffer Overflow") |
| STR31-C | CWE-123, Write-what-where Condition |
| STR31-C | CWE-125, Out-of-bounds Read |
| STR31-C | CWE-676, Off-by-one Error |
| STR32-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| STR32-C | CWE-123, Write-what-where Condition |
| STR32-C | CWE-125, Out-of-bounds Read |
| STR32-C | CWE-170, Improper Null Termination |
| STR37-C | CWE-704, Incorrect Type Conversion or Cast |
| MEM30-C | CWE-416, Use After Free |
| MEM30-C | CWE-672 |
| MEM31-C | CWE-401, Improper Release of Memory Before Removing Last Reference ("Memory Leak") |
| MEM31-C | CWE-404 |
| MEM31-C | CWE-459 |
| MEM31-C | CWE-771 |
| MEM31-C | CWE-772 |
| MEM34-C | CWE-590, Free of Memory Not on the Heap |
| MEM35-C | CWE-131, Incorrect Calculation of Buffer Size |
| MEM35-C | CWE-680 |
| MEM35-C | CWE-789 |
| FIO30-C | CWE-134, Uncontrolled Format String |
| FIO30-C | CWE-20, Improper Input Validation |
| FIO34-C | CWE-197 |
| FIO37-C | CWE-241, Improper Handling of Unexpected Data Type |
| FIO39-C | CWE-664 |
| FIO42-C | CWE-404, Improper Resource Shutdown or Release |
| FIO42-C | CWE-459 |
| FIO42-C | CWE-772 |
| FIO42-C | CWE-773 |
| FIO42-C | CWE-775 |
| FIO42-C | CWE-403 |
| FIO47-C | CWE-686, Function Call with Incorrect Argument Type |
| FIO47-C | CWE-685 |
| ENV32-C | CWE-705, Incorrect Control Flow Scoping |
| ENV33-C | CWE-88, Argument Injection or Modification |
| ENV33-C | CWE-676 |
| SIG30-C | CWE-479, Signal Handler Use of a Non-reentrant Function |
| SIG31-C | CWE-662, Improper Synchronization |
| SIG31-C | CWE-828, Signal Handler with Functionality that is not Asynchronous-Safe |
| ERR30-C | CWE-456, Missing Initialization of a Variable |
| ERR33-C | CWE-252, Unchecked Return Value |
| ERR33-C | CWE-253, Incorrect Check of Function Return Value |
| ERR33-C | CWE-391, Unchecked Error Condition |
| ERR34-C | CWE-676, Use of potentially dangerous function |
| ERR34-C | CWE-758 |
| CON31-C | CWE-667, Improper Locking |
| CON33-C | CWE-330 |
| CON33-C | CWE-377 |
| CON33-C | CWE-676 |
| CON40-C | CWE-366, Race Condition within a Thread |
| CON43-C | CWE-366, Race condition within a thread |
| MSC30-C | CWE-327, Use of a Broken or Risky Cryptographic Algorithm |
| MSC30-C | CWE-330, Use of Insufficiently Random Values |
| MSC30-C | CWE-338, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| MSC30-C | CWE-676 |
| MSC32-C | CWE-327, Use of a Broken or Risky Cryptographic Algorithm |
| MSC32-C | CWE-330, Use of Insufficiently Random Values |
| MSC32-C | CWE-331, Insufficient Entropy |
| MSC37-C | CWE-758 |
| POS30-C | CWE-170, Improper null termination |
| POS35-C | CWE-363, Race condition enabling link following |
| POS36-C | CWE-696, Incorrect behavior order |
| POS37-C | CWE-273, Failure to check whether privileges were dropped successfully |
| POS48-C | CWE-667, Insufficient locking |
| POS52-C | CWE-557 |
| POS54-C | CWE-252, Unchecked return value |
| POS54-C | CWE-253, Incorrect check of function return value |
| POS54-C | CWE-391, Unchecked error condition |
| API00-C | CWE-20, Insufficient input validation |
| API04-C | CWE-754, Improper check for unusual or exceptional conditions |
| ARR00-C | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| ARR00-C | CWE-123, Write-what-where Condition |
| ARR00-C | CWE-125, Out-of-bounds Read |
| ARR00-C | CWE-129, Unchecked array indexing |
| ARR01-C | CWE-467, Use of sizeof() on a pointer type |
| ARR02-C | CWE-665, Incorrect or incomplete initialization |
| CON06-C | CWE-667, Improper Locking |