CWE-590 – Free of Memory not on the Heap
Description: The application calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc()....
CWE-59 – Improper Link Resolution Before File Access (‘Link Following’)
Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or...
CWE-589 – Call to Non-ubiquitous API
Description: The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies...
CWE-588 – Attempt to Access Child of a Non-structure Pointer
Description: Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption. Modes of Introduction:...
CWE-587 – Assignment of a Fixed Address to a Pointer
Description: The software sets a pointer to a specific address other than NULL or 0. Using a fixed address is not portable, because that address...
CWE-586 – Explicit Call to Finalize()
Description: The software makes an explicit call to the finalize() method from outside the finalizer. While the Java Language Specification allows an object's finalize() method...
CWE-585 – Empty Synchronized Block
Description: The software contains an empty synchronized block. An empty synchronized block does not actually accomplish any synchronization and may indicate a troubled section of...
CWE-584 – Return Inside Finally Block
Description: The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded. Modes...
CWE-583 – finalize() Method Declared Public
Description: The program violates secure coding principles for mobile code by declaring a finalize() method public. A program should never call finalize explicitly, except to...
CWE-582 – Array Declared Public, Final, and Static
Description: The program declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified. Because arrays are...