CWE-1399 Kategoriedetails

CWE-1399

Comprehensive Categorization: Memory Safety
Incomplete
2023-04-23 +00:00
2023-06-29 +00:00
CWE Mitre.org
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Benachrichtigungen verwalten

Name: Comprehensive Categorization: Memory Safety

Weaknesses in this category are related to memory safety.

CWE-Mitgliederliste

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer Base

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Base

CWE-121: Stack-based Buffer Overflow Base

CWE-122: Heap-based Buffer Overflow Base

CWE-123: Write-what-where Condition Base

CWE-124: Buffer Underwrite ('Buffer Underflow') Base

CWE-125: Out-of-bounds Read Base

CWE-126: Buffer Over-read Base

CWE-127: Buffer Under-read Base

CWE-129: Improper Validation of Array Index Base

CWE-131: Incorrect Calculation of Buffer Size Base

CWE-134: Use of Externally-Controlled Format String Base

CWE-188: Reliance on Data/Memory Layout Base

CWE-198: Use of Incorrect Byte Ordering Base

CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') Base

CWE-401: Missing Release of Memory after Effective Lifetime Base

CWE-415: Double Free Base

CWE-416: Use After Free Base

CWE-466: Return of Pointer Value Outside of Expected Range Base

CWE-562: Return of Stack Variable Address Base

CWE-587: Assignment of a Fixed Address to a Pointer Base

CWE-590: Free of Memory not on the Heap Base

CWE-680: Integer Overflow to Buffer Overflow Base

CWE-690: Unchecked Return Value to NULL Pointer Dereference Base

CWE-761: Free of Pointer not at Start of Buffer Base

CWE-762: Mismatched Memory Management Routines Base

CWE-763: Release of Invalid Pointer or Reference Base

CWE-786: Access of Memory Location Before Start of Buffer Base

CWE-787: Out-of-bounds Write Base

CWE-788: Access of Memory Location After End of Buffer Base

CWE-789: Memory Allocation with Excessive Size Value Base

CWE-805: Buffer Access with Incorrect Length Value Base

CWE-806: Buffer Access Using Size of Source Buffer Base

CWE-822: Untrusted Pointer Dereference Base

CWE-823: Use of Out-of-range Pointer Offset Base

CWE-824: Access of Uninitialized Pointer Base

CWE-825: Expired Pointer Dereference Base

CWE-Informationen

Hinweise zur Schwachstellen-Zuordnung

Begründung : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].
Kommentar : See member weaknesses of this category.

Einreichung

Name Organisation Datum Veröffentlichungsdatum Version
CWE Content Team MITRE 2023-04-25 +00:00 2023-04-23 +00:00 4.11

Änderungen

Name Organisation Datum Kommentar
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes

Referenzen

REF-1328

Software Memory Safety
National Security Agency.
https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF

REF-1329

What is memory safety and why does it matter?
Prossimo.
https://www.memorysafety.org/docs/memory-safety/

REF-1330

CVE --> CWE Mapping Guidance - Quick Tips
MITRE.
https://cwe.mitre.org/documents/cwe_usage/quick_tips.html

Die auf CVE Find präsentierten Informationen stammen aus mehreren sorgfältig ausgewählten Referenzquellen. CVE-Daten werden von der MITRE Corporation und der National Vulnerability Database (NVD) bereitgestellt. Der Katalog bekannter ausgenutzter Schwachstellen (KEV) stammt von der Cybersecurity and Infrastructure Security Agency (CISA), während EPSS-Scores von FIRST.org kommen. Darüber hinaus werden Daten zu Software-Schwachstellen (CWE) und häufigen Angriffsmustern (CAPEC) von der MITRE Corporation gepflegt, und Informationen zu Hardware- und Software-Konfigurationen (CPE) werden von der NVD bereitgestellt.