A strncpy is used to copy a string but the length is given incorrectly leading to a heap buffer overflow.

CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file handle using fopen() Sinks: GoodSink: Close the file handle before reusing it BadSink : Reassign the file handle before closing it Flow Variant: 34 Data flow: use of a union containing two methods of acc...

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : Initialize and use data Flow Variant: 21 Control flow: Flow controlled by value of a static global variable. All functions contained in one file.

CWE: 476 NULL Pointer Dereference Sinks: null_check_after_deref GoodSink: Do not check for NULL after the pointer has been dereferenced BadSink : Check for NULL after a pointer has already been dereferenced Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 325 Missing Required Cryptographic Step Sinks: CryptCreateHash GoodSink: All required cryptographic steps are present BadSink : Missing call to CryptCreateHash() Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 253 Incorrect Check of Return Value Sinks: RpcImpersonateClient GoodSink: Correctly check if RpcImpersonateClient() fails BadSink : Incorrectly check if RpcImpersonateClient() fails Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 252 Unchecked Return Value Sinks: remove GoodSink: Check if remove() fails BadSink : Do not check if remove() fails Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())

CWE: 197 Numeric Truncation Error BadSource: large Set data to a number larger than SHRT_MAX GoodSource: Less than CHAR_MAX Sink: to_short BadSink : Convert data to a short Flow Variant: 21 Control flow: Flow controlled by value of a static global variable. All functions contained in one file.

CWE: 191 Integer Underflow BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which ca...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand(), which may be zero GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Varian...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink : fwprintf with data as the second argument Flow Variant: 67 Data flow: data pa...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: printf GoodSink: wprintf with %s as the first argument and data as the second BadSink : wprintf with only data as an argument Flow Va...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 18 Control flow: goto statements

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 126 Buffer Overread Sinks: strncpy GoodSink: Copy a string using wcsncpy() with explicit null termination BadSink : Copy a string using wcsncpy() without explicit null termination Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using wcscat Flow Variant: 15 Control flow: switch(6)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cat BadSink : Copy string to data using wcscat Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three dif...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using wcsncat Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy int array to data using a loop Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in the ...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy int64_t array to data using memmove Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 114 Process Control BadSource: environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the...

Cross-Site Scripting in C. This is a CGI program which take some parameters values then print it.

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...