CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: printf GoodSink: wprintf with %s as the first argument and data as the second BadSink : wprintf with only data as an argument Flow Variant: 53 Data flow: data passed a...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vwprintf with a format string BadSink : vwprintf without a format string Flow Variant: 63 Data flow: pointer to data passed f...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flo...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flow Varian...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flow Variant: 66 Data flow:...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 52 Data flow: data passed as an argument from one function to anothe...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 32 Data flow using two pointers to the same value within the same func...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 68 Data flow: data passed as a global variable from one function to an...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 21 Control flow: Flow controlled by value of a static global variable. All functions contained i...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cat BadSink : Copy string to data using wcscat Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; al...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using wcsncat Flow Variant: 01 Baseline

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy int array to data using memmove Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int array to data using memcpy Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fi...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int64_t array to data using memcpy Flow Variant: 68 Data flow: data passed as a global variable from one function to another in diff...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sinks: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 45 Data flow: data pass...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 16 Control flow: while(1)

CWE: 121 Stack Based Buffer Overflow BadSource: rand Set data to result of rand(), which may be zero GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 06 Con...

CWE: 121 Stack Based Buffer Overflow BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant:...

TXT Record Overflow: CVE-2002-0906. Patched version. From MIT benchmarks (models/sendmail/s7) A buffer overflow poses the risk of a denial of service attack or possibly execution of arbitrary code via a malicious DNS server. Patched file: txt-dns-file-ok.c Patched line number: 315, 317

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = struct, Pointer = no, Index complexity = constant, Address complexity =...