CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types
2021 CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home>CWE List> CWE- Individual Dictionary Definition (4.10)
ID

CWE CATEGORY: SFP Secondary Cluster: Incorrect Buffer Length Computation

Category ID: 974
+Summary
This category identifies Software Fault Patterns (SFPs) within the Incorrect Buffer Length Computation cluster (SFP10).
+Membership
Nature Type ID Name
MemberOf CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. 890 SFP Primary Cluster: Memory Access
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 131 Incorrect Calculation of Buffer Size
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 135 Incorrect Calculation of Multi-Byte String Length
HasMember CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. 251 Often Misused: String Management
HasMember VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. 467 Use of sizeof() on a Pointer Type
+Content History
+Submissions
Submission Date Submitter Organization
2014-07-29 CWE Content Team MITRE
+Modifications
Modification Date Modifier Organization
2020-02-24 CWE Content Team MITRE
updated Description, Relationships
More information is available — Please select a different filter.
Page Last Updated:January 31, 2023

Use of the Common Weakness Enumeration (CWE) and the associated references from this website are subject to theTerms of Use. CWE is sponsored by theU.S. Department of Homeland Security(DHS)Cybersecurity and Infrastructure Security Agency(CISA) and managed by theHomeland Security Systems Engineering and Development Institute(HSSEDI) which is operated bymanbetx客户端首页(MITRE). Copyright © 2006–2023, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.