2011 Top 25 - Risky Resource Management
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are listed in the "Risky Resource Management" section of the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.
Weaknesses
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buf...
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but ...
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the o...
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Concepts
Deprecated or Obsolete
CWE entries in this view (graph) are listed in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.
See Also
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.