In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. (from TCCLASP-5_6_9_10)

System() is called with user-provided data. PLOVER: CODE.EVAL

A file is accessed multiple times by name in a publically accessible directory. A race condition exists between the accesses where an attacker can replace the file referenced by the name. PLOVER: RACE.TOCTOU

malloc"d data is freed more than once. PLOVER: MISC.DFREE

Syslog is called with a user supplied format string. An attempt was made to preformat the buffer but the vulnerability remains. PLOVER: BUFF.OVER, BUFF.FORMAT

Printf is called with a user supplied format string. PLOVER: BUFF.OVER, BUFF.FORMAT

Fixed strcat

Off-by-one error on bounds checking. PLOVER: NUM.OBO, BUFF.OVER

No bounds checking on buffer. PLOVER: BUFF.OVER

The accidental addition of a data-structure sentinel can cause serious programing . The accidental addition of a data-structure sentinel can cause serious programing logic problems. (from TCCLASP-5_6_7_10)

Fixed strcpy

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = function return value, Address com...

The accidental deletion of a can cause serious programing logic problems. (from TCCLASP-5_6_6_10)

Unprotected string copy, unlocked shared resource, buffer overflow. PLOVER: BUFF.OVER, RACE

Unprotected string copy, unlocked shared resource, off-by-one. PLOVER: BUFF.OVER, NUM.OBO, RACE

Unprotected buffer copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE

Unprotected string copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE, NUM.OBO

Unprotected string copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE

Unprotected string copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE

Unprotected string copy, unlocked shared resource, off-by-one. PLOVER: BUFF.OVER, NUM.OBO, RACE

Unprotected string copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE

Fixed strcat

Syslog is called with a user supplied format string. PLOVER: BUFF.OVER, BUFF.FORMAT

An ad hoc gets without bounds checkes allows a stack buffer to be overrun. PLOVER CLASS: BUFF.OVER

Running sizeof() on a malloced pointer type will always return the wordsize/8. (from TCCLASP-5_6_8_10)