Tag: top25-cwes

OS command injection

Constructing operating system or shell commands with unsanitized user input can lead to inadvertently running malicious code.

SQL injection

The use of untrusted inputs in a SQL database query can enable attackers to read, modify, or delete sensitive data in the database.

Return Stack Address

A function that returns the address of a stack variable will cause unintended program behavior, typically in the form of a crash.

Path traversal

Creating file paths from untrusted input might give a malicious actor access to sensitive files.

Out Of Bounds Read

Out of bounds read can allow attackers to read sensitive information from other memory locations or cause a crash.

Improper size of a memory buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Out-of-bounds Write

Out of bounds write can allow attackers to overwrite data in other memory locations or cause a crash.