Categories

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.