CWE-44 – Path Equivalence: ‘file.name’ (Internal Dot)
Description: A software system that accepts path input in the form of internal dot ('file.ordir') without appropriate validation can lead to ambiguous path resolution and...
CWE-440 – Expected Behavior Violation
Description: A feature, API, or function does not perform according to its specification. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-684...
CWE-441 – Unintended Proxy or Intermediary (‘Confused Deputy’)
Description: The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the...
CWE-401 – Missing Release of Memory after Effective Lifetime
Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered...
CWE-402 – Transmission of Private Resources into a New Sphere (‘Resource Leak’)
Description: The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software. Modes of Introduction: -...
CWE-403 – Exposure of File Descriptor to Unintended Control Sphere (‘File Descriptor Leak’)
Description: A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those...
CWE-404 – Improper Resource Shutdown or Release
Description: The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated,...
CWE-405 – Asymmetric Resource Consumption (Amplification)
Description: Software that does not appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows...
CWE-407 – Inefficient Algorithmic Complexity
Description: An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an...