CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to rules in the Miscellaneous (MSC) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.

Weaknesses

Assignment to Variable without Use

The variable's value is assigned but never used, making it a dead store.

Comparing instead of Assigning

The code uses an operator for comparison when the intention was to perform an assignment.

Compiler Removal of Code to Clear Buffers

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

Dead Code

The software contains dead code, which can never be executed.

Expression is Always False

The software contains an expression that will always evaluate to false.

Expression is Always True

The software contains an expression that will always evaluate to true.

Improper Encoding or Escaping of Output

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a r...

Improper Handling of Unicode Encoding

The software does not properly handle when an input contains Unicode encoding.

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...

Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Use of Incorrect Operator

The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.

Use of Insufficiently Random Values

The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Concepts

Deprecated or Obsolete

Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016.

See Also

  1. 49. Miscellaneous (MSC)

    CERT


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.