CWE: 688 Function Call With Incorrect Variable or Reference as Argument Sinks: GoodSink: Use the correct format to print a string BadSink : Use a string format to print an int Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 457 Use of Uninitialized Variable BadSource: no_init Dont initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: w32CloseHandle GoodSink: Close the file using close() BadSink : Close the file using CloseHandle Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 369 Divide by Zero BadSource: fscanf Read data from the console using fscanf() GoodSource: Non-zero Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo a constant with data Flow Variant: 54 Data flow: data passed as an argument from one function through three others t...

CWE: 284 Improper Access Control Sinks: CreateWindowStation GoodSink: Create a windows station using CreateWindowStationA() without excessive privileges BadSink : Create a windows station using CreateWindowStationA() with excessive privileges Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIV...

CWE: 253 Incorrect Check of Return Value Sinks: puts GoodSink: Correctly check if puts() failed BadSink : Incorrectly check if puts() failed Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 253 Incorrect Check of Return Value Sinks: fputc GoodSink: Correctly check if fputc() failed BadSink : Incorrectly check if fputc() failed Flow Variant: 15 Control flow: switch(6)

CWE: 253 Incorrect Check of Return Value Sinks: fprintf GoodSink: Correctly check if fprintf() failed BadSink : Incorrectly check if fprintf() failed Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 197 Numeric Truncation Error BadSource: fscanf Read data from the console using fscanf() GoodSource: Less than CHAR_MAX Sinks: BadSink : Convert data to a char Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different source file calle...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 1...

CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: printf GoodSink: wprintf with %s as the first argument and data as the second BadSink : wprintf with only data as an argument Flow Variant: 53 Data flow: data passed a...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vwprintf with a format string BadSink : vwprintf without a format string Flow Variant: 63 Data flow: pointer to data passed f...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flo...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flow Variant: 66 Data flow:...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 21 Control flow: Flow controlled by value of a static global variable. All functions contained i...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cat BadSink : Copy string to data using wcscat Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; al...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy int array to data using memmove Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int array to data using memcpy Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fi...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int64_t array to data using memcpy Flow Variant: 68 Data flow: data passed as a global variable from one function to another in diff...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 121 Stack Based Buffer Overflow BadSource: rand Set data to result of rand(), which may be zero GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 06 Con...

TXT Record Overflow: CVE-2002-0906. Patched version. From MIT benchmarks (models/sendmail/s7) A buffer overflow poses the risk of a denial of service attack or possibly execution of arbitrary code via a malicious DNS server. Patched file: txt-dns-file-ok.c Patched line number: 315, 317

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...