CWE: 226 Sensitive Information Uncleared Before Release Sinks: declare GoodSink: Clear the password buffer before releasing the memory from the stack BadSink : Release password from the stack without first clearing the buffer Flow Variant: 15 Control flow: switch(6)

CWE: 194 Unexpected Sign Extension BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 191 Integer Underflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an ...

CWE: 191 Integer Underflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which ...

CWE: 191 Integer Underflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which ...

CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can cause a...

CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 61 ...

CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 34 ...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for char GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 67 Data flo...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfprintf with a format string BadSink : vfprintf without a format string Flow Variant: 51 Data flow: data passed as an argum...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 32 Data flow using two pointer...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flo...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 54 Data flow: data passed as an argument from one function through th...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: memcpy BadSink : Copy data to string using memcpy Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same funct...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 15 Control flow: switch(6)

CWE: 126 Buffer Overread BadSource: rand Set data to result of rand(), which may be zero GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 64 Data flow: void...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 17 Control flow: for loops

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: ncat BadSink : Copy string to data using strncat Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in the sa...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 16 Control flow: while(1)

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: cpy BadSink : Copy string to data using wcscpy() Flow Variant: 68 Data flow: data passed a...

SIG-BUG: CA-1999-14. Patched version. From MIT benchmarks (models/bind/b2) A buffer overflow caused by improper handling of SIG records Patched file: sig-ok.c Patched line number: 538

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = array of structs, Pointer = no, Index complexity = constant, Address co...