CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 61 Data flow: data r...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument F...

CWE: 127 Buffer Underread BadSource: rand Set data to result of rand(), which may be zero GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking to see if the value is negative Flow Variant: 15 Co...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: ncpy BadSink : Copy data to string using strncpy Flow Variant: 45 Data flow: data passed as a static global variable from one funct...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same source file

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: memcpy BadSink : Copy data to string using memcpy Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files

CWE: 126 Buffer Overread BadSource: fscanf Read data from the console using fscanf() GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 17 Control flow: for l...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 17 Control flow: for loops

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: cpy BadSink : Copy string to data using strcpy Flow Variant: 63 Data flow: pointer to data passed from one function to another in d...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize the source buffer using the size of a pointer GoodSource: Initialize the source buffer using the size of the DataElementType Sink: BadSink : Print then free data Flow Variant: 68 Data flow: data passed as a global variable from one f...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cat BadSink : Copy data to string using wcscat Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different ...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncpy BadSink : Copy data to string using strncpy Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in the sa...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: loop BadSink : Copy data to string using a loop Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: ncpy BadSink : Copy string to data using strncpy() Flow Variant: 03 Control flow: if(5==5)...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memmove BadSink : Copy string to data using memmove() Flow Variant: 06 Control flow: if(ST...

CWE: 114 Process Control BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

IQUERY-BUG CA-98.05, CVE-1999-0009. From MIT benchmarks (models/bind/b3) A buffer overflow resulting from improperly bounds checking a memcpy call when responding to inverse query requests. Bad file: iquery-bad.c Bad line number: 135 Taxonomy classification: 0000301200004

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = inter-file/inter-procedural, Container = no, Pointer = no, Index complexity = N/A, Addres...

malloc"d data is never freed and all pointers to the data are lost. PLOVER: RES.MEMLEAK