Categories

| CWE | Name | Description | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|---|
| CWE-704 | Incorrect Type Conversion or Cast | The software does not correctly convert an object, resource, or structure from one type to a different type. | 2 | 126 | 63 | 24 | 215 |
| CWE-19 | Data Processing Errors | Weaknesses in this category are typically found in functionality that processes data. | 7 | 112 | 52 | 35 | 206 |
| CWE-674 | Uncontrolled Recursion | The product does not properly control the amount of recursion that takes place, which consumes excessive resources, such as allocated memory or the program stack. | 6 | 122 | 77 | 1 | 206 |
| CWE-346 | Origin Validation Error | The software does not properly verify that the source of data or communication is valid. | 6 | 134 | 47 | 17 | 204 |
| CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). | 3 | 52 | 114 | 21 | 190 |
| CWE-116 | Improper Encoding or Escaping of Output | The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. | 5 | 107 | 47 | 23 | 182 |
| CWE-1236 | Improper Neutralization of Formula Elements in a CSV File | The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 2 | 75 | 72 | 33 | 182 |
| CWE-290 | Authentication Bypass by Spoofing | This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks. | 9 | 101 | 45 | 25 | 180 |
| CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to smuggle a request to one device without the other device being aware of it. | 3 | 94 | 56 | 26 | 179 |
| CWE-191 | Integer Underflow (Wrap or Wraparound) | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. | 6 | 62 | 78 | 28 | 174 |