CERT C++ Secure Coding Section 04 - Integers (INT)
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to rules in the Integers (INT) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.
Weaknesses
The product sets a pointer to a specific address other than NULL or 0.
The product divides a value by zero.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting va...
Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the o...
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive loo...
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Concepts
Deprecated or Obsolete
CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016. This view is no longer being ac...
See Also
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.