Modes d'introduction
Implementation
Plateformes applicables
Langue
Name: C (Often)
Name: C++ (Often)
Class: Not Language-Specific (Undetermined)
Conséquences courantes
Portée |
Impact |
Probabilité |
Other | Other | |
Exemples observés
Références |
Description |
| Chain: in a web browser, an unsigned 64-bit integer is forcibly cast to a 32-bit integer (CWE-681) and potentially leading to an integer overflow (CWE-190). If an integer overflow occurs, this can cause heap memory corruption (CWE-122) |
| Chain: data visualization program written in PHP uses the "!=" operator instead of the type-strict "!==" operator (CWE-480) when validating hash values, potentially leading to an incorrect type conversion (CWE-704) |
Méthodes de détection
Fuzzing
Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
Efficacité : High
Notes de cartographie des vulnérabilités
Justification : This CWE entry is a Class and might have Base-level children that would be more appropriate
Commentaire : Examine children of this entry to see if there is a better fit
Références
REF-961
Automated Source Code Reliability Measure (ASCRM)
Object Management Group (OMG).
http://www.omg.org/spec/ASCRM/1.0/
Soumission
Nom |
Organisation |
Date |
Date de publication |
Version |
CWE Content Team |
MITRE |
2008-09-09 +00:00 |
2008-09-09 +00:00 |
1.0 |
Modifications
Nom |
Organisation |
Date |
Commentaire |
Eric Dalci |
Cigital |
2008-07-01 +00:00 |
updated Time_of_Introduction |
CWE Content Team |
MITRE |
2008-11-24 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2009-05-27 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences, Relationships |
CWE Content Team |
MITRE |
2011-09-13 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2014-07-30 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2015-12-07 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2017-01-19 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Applicable_Platforms, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2019-01-03 +00:00 |
updated References, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2019-06-20 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2020-08-20 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2020-12-10 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2022-10-13 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Detection_Factors, Relationships, Time_of_Introduction |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |
CWE Content Team |
MITRE |
2023-10-26 +00:00 |
updated Demonstrative_Examples, Observed_Examples |
CWE Content Team |
MITRE |
2024-02-29 +00:00 |
updated Observed_Examples |