CERT C++ Secure Coding Section 04 - Integers (INT)

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to rules in the Integers (INT) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.

Weaknesses

Assignment of a Fixed Address to a Pointer

The product sets a pointer to a specific address other than NULL or 0.

Divide By Zero

The product divides a value by zero.

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...

Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting va...

Integer Coercion Error

Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the o...

Numeric Truncation Error

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

Return of Pointer Value Outside of Expected Range

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

Unchecked Input for Loop Condition

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive loo...

Use of Potentially Dangerous Function

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Concepts

Deprecated or Obsolete

Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016. This view is no longer being ac...

See Also

  1. 04. Integers (INT)

    CERT


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.