Category Archives: CWE

Understanding and Mitigating the CVE-2022-41741 Vulnerability in NGINX

Read Time:1 Minute, 48 Second

NGINX, a widely-used open-source web server, has recently been affected by a critical vulnerability – CVE-2022-41741. The vulnerability is specific to NGINX’s module, ngx_http_mp4_module, and can be exploited by a local attacker to corrupt NGINX worker memory resulting in its termination. In this article, we will explain the details of the CVE-2022-41741 vulnerability and provide guidance on how to mitigate the risk.

What is CVE-2022-41741?

CVE-2022-41741 is a vulnerability in NGINX’s module, ngx_http_mp4_module. The vulnerability allows a local attacker to corrupt NGINX worker memory, which can cause its termination or other potential impact, using a specially crafted audio or video file. The attack can be executed only when the mp4 directive is used in the configuration file of NGINX products built with the ngx_http_mp4_module.

What does CVE-2022-41741 affect?

The CVE-2022-41741 vulnerability in NGINX can have a significant impact on the security and stability of the web server. If exploited, the vulnerability can cause NGINX to crash, resulting in downtime and a loss of availability. Furthermore, attackers can also gain access to sensitive information stored in the system by exploiting the vulnerability.

How can you protect yourself from CVE-2022-41741?

To mitigate the risk of CVE-2022-41741, users of NGINX products built with the ngx_http_mp4_module should update their software to the latest version. NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 are all vulnerable to this CVE-2022-41741 vulnerability. Therefore, updating to the latest version will address the vulnerability and prevent attackers from exploiting it.

In summary, the CVE-2022-41741 vulnerability in NGINX’s module, ngx_http_mp4_module, can have severe consequences if exploited. However, updating to the latest version of NGINX will mitigate the risk and prevent attackers from exploiting this vulnerability. Therefore, it is essential to ensure that the web server is updated as soon as possible to avoid any potential security risks.

CWE

Read Time:1 Minute, 11 Second

CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such vulnerabilities in terms of CWEs.

The goal is to support all those methods (including automatic ones) to control and prevent software errors. It can be used at the development stage, during the Code Review activity, and later on during the penetration test activity to classify and communicate the vulnerability type to developers. The system is at version 4.7 and contains over 600 categories of weaknesses and vulnerabilities

The CWE Top 25 Most Dangerous Software Weakness List is a list of the most common programming errors that can lead to software vulnerabilities. Vulnerabilities present in the CWE Top 25 are usually easy to detect and exploit. For example, the CWE-79 is related to Cross-Site Scripting while the CWE-89 to SQL Injection. A similar project is Top Ten Owasp (Open Web Application Security Project). Compared to the CWE Top 25, the Top Ten OWASP focuses solely on vulnerabilities of web applications.
The CWE Most Important Hardware Weakness List serves the same purpose, but it focuses on hardware defects.

Please check our post about Vulnerability Analysis to learn more about CWE usage.

Please find a list of all the CWE below or use the search box above to find a specific CWE.

  • CWE-1046 – Creation of Immutable Text Using String Concatenation

    Description The software creates an immutable text string using string concatenation operations. Modes of Introduction:     Related Weaknesses CWE-1176   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1047 – Modules with Circular Dependencies

    Description The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies. Modes of Introduction:     Related Weaknesses CWE-1120   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-94 – Improper Control of Generation of Code (‘Code Injection’)

    Description The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Medium   Related Weaknesses CWE-74…

  • CWE-940 – Improper Verification of Source of a Communication Channel

    Description The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges…

  • CWE-941 – Incorrectly Specified Destination in a Communication Channel

    Description The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-923 CWE-406   Consequences   Potential Mitigations CVE References   CVE-2013-5211 composite: NTP feature generates…

  • CWE-942 – Permissive Cross-domain Policy with Untrusted Domains

    Description The software uses a cross-domain policy file that includes domains that should not be trusted. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-284 CWE-183 CWE-668   Consequences Confidentiality, Integrity, Availability, Access Control: Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Varies by Context An attacker may be…

  • CWE-943 – Improper Neutralization of Special Elements in Data Query Logic

    Description The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-74   Consequences Confidentiality, Integrity,…

  • CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. “eval”). This may allow an attacker to execute arbitrary code, or at least modify what code can be executed. Modes of Introduction: – Architecture and Design…

  • CWE-96 – Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-94   Consequences Confidentiality: Read Files or…

  • CWE-97 – Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

    Description The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-96   Consequences Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands   Potential Mitigations CVE References…

  • CWE-98 – Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)

    Description The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in “require,” “include,” or similar functions. In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain…

  • CWE-99 – Improper Control of Resource Identifiers (‘Resource Injection’)

    Description The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High   Related Weaknesses CWE-74 CWE-706 CWE-73…

  • CWE-910 – Use of Expired File Descriptor

    Description The software uses or accesses a file descriptor after it has been closed. After a file descriptor for a particular file or device has been released, it can be reused. The code might not write to the original file, since the reused file descriptor might reference a different file or device. Modes of Introduction:…

  • CWE-911 – Improper Update of Reference Count

    Description The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Reference counts can be used when tracking how many objects contain a reference to a particular resource, such as in memory management or garbage collection. When the reference count reaches zero, the resource…

  • CWE-912 – Hidden Functionality

    Description The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software’s users or administrators. Hidden functionality can take many forms, such as intentionally malicious code, “Easter Eggs” that contain extraneous functionality such as games, developer-friendly shortcuts that…

  • CWE-913 – Improper Control of Dynamically-Managed Code Resources

    Description The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these…

  • CWE-914 – Improper Control of Dynamically-Identified Variables

    Description The software does not properly restrict reading from or writing to dynamically-identified variables. Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended…

  • CWE-915 – Improperly Controlled Modification of Dynamically-Determined Object Attributes

    Description The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-913 CWE-502   Consequences Integrity:…

  • CWE-916 – Use of Password Hash With Insufficient Computational Effort

    Description The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-327 CWE-327   Consequences Access Control: Bypass Protection Mechanism,…

  • CWE-917 – Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’)

    Description The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. Modes of Introduction: – Architecture and Design Likelihood…

  • CWE-918 – Server-Side Request Forgery (SSRF)

    Description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending…

  • CWE-92 – DEPRECATED: Improper Sanitization of Custom Special Characters

    Description This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping. Modes of Introduction: Likelihood of Exploit:…

  • CWE-920 – Improper Restriction of Power Consumption

    Description The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-400 CWE-400   Consequences Availability: DoS: Resource Consumption…

  • CWE-921 – Storage of Sensitive Data in a Mechanism without Access Control

    Description The software stores sensitive information in a file system or device that does not have built-in access control. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-922   Consequences Confidentiality: Read Application Data, Read Files or Directories Attackers can read sensitive information by accessing the unrestricted storage mechanism. Integrity:…

  • CWE-922 – Insecure Storage of Sensitive Information

    Description The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.…

  • CWE-923 – Improper Restriction of Communication Channel to Intended Endpoints

    Description The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-284   Consequences Integrity, Confidentiality: Gain Privileges or Assume Identity If…

  • CWE-924 – Improper Enforcement of Message Integrity During Transmission in a Communication Channel

    Description The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by…

  • CWE-925 – Improper Verification of Intent by Broadcast Receiver

    Description The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source. Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit…

  • CWE-926 – Improper Export of Android Application Components

    Description The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-285   Consequences Availability, Integrity: Unexpected State, DoS: Crash, Exit, or Restart, DoS:…

  • CWE-927 – Use of Implicit Intent for Sensitive Communication

    Description The Android application uses an implicit intent for transmitting sensitive data to other applications. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-285 CWE-668   Consequences Confidentiality: Read Application Data Other applications, possibly untrusted, can read the data that is offered through the Intent. Integrity: Varies by Context The…

  • CWE-93 – Improper Neutralization of CRLF Sequences (‘CRLF Injection’)

    Description The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-74 CWE-117   Consequences Integrity: Modify Application Data   Potential Mitigations…

  • CWE-939 – Improper Authorization in Handler for Custom URL Scheme

    Description The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme. Mobile platforms and other architectures allow the use of custom URL schemes to facilitate communication between applications. In the case of iOS, this is the only method to do…

  • CWE-836 – Use of Password Hash Instead of Password for Authentication

    Description The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-287 CWE-602   Consequences Access Control: Bypass Protection Mechanism, Gain Privileges or…

  • CWE-837 – Improper Enforcement of a Single, Unique Action

    Description The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction. In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or…

  • CWE-838 – Inappropriate Encoding for Output Context

    Description The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-116 CWE-116   Consequences Integrity, Confidentiality, Availability: Modify Application Data, Execute Unauthorized Code…

  • CWE-839 – Numeric Range Comparison Without Minimum Check

    Description The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-1023 CWE-195 CWE-682 CWE-119 CWE-124   Consequences Integrity, Confidentiality, Availability: Modify…

  • CWE-84 – Improper Neutralization of Encoded URI Schemes in a Web Page

    Description The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-79   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Implementation Effectiveness: Description:  Resolve all URIs to absolute or canonical representations before processing. Phase: Implementation Effectiveness: Description: …

  • CWE-841 – Improper Enforcement of Behavioral Workflow

    Description The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-691   Consequences Other: Alter Execution Logic An attacker could…

  • CWE-842 – Placement of User into Incorrect Group

    Description The software or the administrator places a user into an incorrect group. If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage…

  • CWE-843 – Access of Resource Using Incompatible Type (‘Type Confusion’)

    Description The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-704 CWE-704 CWE-119   Consequences Availability, Integrity, Confidentiality: Read Memory,…

  • CWE-85 – Doubled Character XSS Manipulations

    Description The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-79 CWE-675   Consequences Confidentiality, Integrity, Availability: Read Application Data, Execute Unauthorized Code or Commands   Potential Mitigations Phase: Implementation Effectiveness: Description:  Resolve all filtered…

  • CWE-86 – Improper Neutralization of Invalid Characters in Identifiers in Web Pages

    Description The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers. Some web browsers may remove these sequences, resulting in output that may have unintended control implications. For example, the software may attempt to remove a “javascript:” URI scheme, but a…

  • CWE-862 – Missing Authorization

    Description The software does not perform an authorization check when an actor attempts to access a resource or perform an action. An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users…

  • CWE-863 – Incorrect Authorization

    Description The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different…

  • CWE-87 – Improper Neutralization of Alternate XSS Syntax

    Description The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-79   Consequences Confidentiality, Integrity, Availability: Read Application Data, Execute Unauthorized Code or Commands   Potential Mitigations Phase: Implementation Effectiveness: Description:  Resolve all input to absolute or canonical representations…

  • CWE-88 – Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)

    Description The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-77 CWE-74 CWE-77 CWE-77   Consequences Confidentiality,…

  • CWE-89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

    Description The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High  …

  • CWE-9 – J2EE Misconfiguration: Weak Access Permissions for EJB Methods

    Description If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system. If the EJB deployment descriptor contains one or more method permissions that grant access to the special ANYONE role, it indicates that access control for the application has not been fully…

  • CWE-90 – Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)

    Description The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related…

  • CWE-908 – Use of Uninitialized Resource

    Description The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software. Modes…

  • CWE-909 – Missing Initialization of Resource

    Description The software does not initialize a critical resource. Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain…

  • CWE-91 – XML Injection (aka Blind XPath Injection)

    Description The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. Within XML, special elements could include reserved words or characters such as ““, “””, and “&”, which could then be used…

  • CWE-807 – Reliance on Untrusted Inputs in a Security Decision

    Description The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High   Related Weaknesses CWE-693   Consequences Confidentiality, Access Control,…

  • CWE-81 – Improper Neutralization of Script in an Error Message Web Page

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-79 CWE-209 CWE-390   Consequences Confidentiality, Integrity, Availability: Read Application…

  • CWE-82 – Improper Neutralization of Script in Attributes of IMG Tags in a Web Page

    Description The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute. Attackers can embed XSS exploits into the values for IMG attributes (e.g. SRC) that is streamed and then executed in a victim’s browser. Note that when the page is loaded into a…

  • CWE-820 – Missing Synchronization

    Description The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if…

  • CWE-821 – Incorrect Synchronization

    Description The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially…

  • CWE-822 – Untrusted Pointer Dereference

    Description The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-119 CWE-119 CWE-119 CWE-125 CWE-787   Consequences Confidentiality: Read Memory If the untrusted pointer is used in a read operation, an attacker might be able…

  • CWE-823 – Use of Out-of-range Pointer Offset

    Description The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-119 CWE-119 CWE-119 CWE-125 CWE-787   Consequences Confidentiality: Read Memory If the untrusted pointer is…

  • CWE-824 – Access of Uninitialized Pointer

    Description The program accesses or uses a pointer that has not been initialized. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-119 CWE-119 CWE-119 CWE-119 CWE-125 CWE-787   Consequences Confidentiality: Read Memory If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory. Availability:…

  • CWE-825 – Expired Pointer Dereference

    Description The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. When a program releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data,…

  • CWE-826 – Premature Release of Resource During Expected Lifetime

    Description The program releases a resource that is still intended to be used by the program itself or another actor. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-666 CWE-672   Consequences Confidentiality: Read Application Data, Read Memory If the released resource is subsequently reused or reallocated, then a read operation on the original…

  • CWE-827 – Improper Control of Document Type Definition

    Description The software does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the software to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker. Modes of Introduction: – Implementation Likelihood of…

  • CWE-828 – Signal Handler with Functionality that is not Asynchronous-Safe

    Description The software defines a signal handler that contains code sequences that are not asynchronous-safe, i.e., the functionality is not reentrant, or it can be interrupted. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-364   Consequences Integrity, Confidentiality, Availability: DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands The most common consequence…

  • CWE-829 – Inclusion of Functionality from Untrusted Control Sphere

    Description The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-669 CWE-669   Consequences Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands An attacker could insert malicious functionality into the…

  • CWE-83 – Improper Neutralization of Script in Attributes in a Web Page

    Description The software does not neutralize or incorrectly neutralizes “javascript:” or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-79   Consequences Confidentiality, Integrity, Availability: Read Application Data, Execute Unauthorized Code or Commands   Potential Mitigations Phase: Implementation…

  • CWE-830 – Inclusion of Web Functionality from an Untrusted Source

    Description The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting total access and control of the software to the untrusted source. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-829   Consequences Confidentiality, Integrity, Availability:…

  • CWE-831 – Signal Handler Function Associated with Multiple Signals

    Description The software defines a function that is used as a handler for more than one signal. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-364   Consequences Availability, Integrity, Confidentiality, Access Control, Other: DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Read Application Data, Gain Privileges or Assume Identity, Bypass Protection…

  • CWE-832 – Unlock of a Resource that is not Locked

    Description The software attempts to unlock a resource that is not locked. Depending on the locking functionality, an unlock of a non-locked resource might cause memory corruption or other modification to the resource (or its associated metadata that is used for tracking locks). Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-667   Consequences…

  • CWE-833 – Deadlock

    Description The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-667 CWE-662   Consequences Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart Each thread of execution will…

  • CWE-834 – Excessive Iteration

    Description The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in…

  • CWE-835 – Loop with Unreachable Exit Condition (‘Infinite Loop’)

    Description The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses CWE-834 CWE-834  …

  • CWE-786 – Access of Memory Location Before Start of Buffer

    Description The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the…

  • CWE-787 – Out-of-bounds Write

    Description The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent…

  • CWE-788 – Access of Memory Location After End of Buffer

    Description The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a pointer or its index is incremented to a position after the buffer; or when pointer arithmetic results in a position after the buffer. Modes of…

  • CWE-789 – Memory Allocation with Excessive Size Value

    Description The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-770 CWE-1284 CWE-476   Consequences Availability: DoS: Resource Consumption (Memory) Not controlling…

  • CWE-79 – Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

    Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High   Related Weaknesses CWE-74 CWE-74 CWE-494 CWE-352   Consequences Access Control, Confidentiality: Bypass Protection…

  • CWE-790 – Improper Filtering of Special Elements

    Description The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-138   Consequences Integrity: Unexpected State   Potential Mitigations CVE References  

  • CWE-791 – Incomplete Filtering of Special Elements

    Description The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-790   Consequences Integrity: Unexpected State   Potential Mitigations CVE References  

  • CWE-792 – Incomplete Filtering of One or More Instances of Special Elements

    Description The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-791   Consequences Integrity: Unexpected State   Potential Mitigations CVE References  

  • CWE-793 – Only Filtering One Instance of a Special Element

    Description The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component. Incomplete filtering of this nature may be location-dependent, as in only the first or last element is filtered. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses…

  • CWE-794 – Incomplete Filtering of Multiple Instances of Special Elements

    Description The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-792   Consequences Integrity: Unexpected State   Potential Mitigations CVE References  

  • CWE-795 – Only Filtering Special Elements at a Specified Location

    Description The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-791   Consequences Integrity: Unexpected State   Potential Mitigations CVE…

  • CWE-796 – Only Filtering Special Elements Relative to a Marker

    Description The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. “at the beginning/end of a string; the second argument”), thereby missing remaining special elements that may exist before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit:   Related…

  • CWE-797 – Only Filtering Special Elements at an Absolute Position

    Description The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. “byte number 10”), thereby missing remaining special elements that may exist before sending it to a downstream component. Modes of Introduction: – Implementation Likelihood of Exploit:   Related Weaknesses CWE-795   Consequences Integrity: Unexpected State…

  • CWE-798 – Use of Hard-coded Credentials

    Description The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High   Related Weaknesses CWE-287 CWE-287 CWE-344 CWE-671 CWE-257   Consequences Access Control: Bypass…

  • CWE-799 – Improper Control of Interaction Frequency

    Description The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This…

  • CWE-8 – J2EE Misconfiguration: Entity Bean Declared Remote

    Description When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean’s data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application’s expectations, potentially leading to other vulnerabilities. Modes of Introduction: – Architecture and…

  • CWE-80 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

    Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as ““, and “&” that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. This may allow such characters to be treated as control characters, which…

  • CWE-804 – Guessable CAPTCHA

    Description The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor. Modes of Introduction: – Architecture and Design Likelihood of Exploit:   Related Weaknesses CWE-863 CWE-287 CWE-330   Consequences Access Control, Other: Bypass Protection Mechanism, Other When authorization, authentication, or another protection mechanism relies on CAPTCHA…

  • CWE-805 – Buffer Access with Incorrect Length Value

    Description The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. When the length value exceeds the size of the destination, a buffer overflow could occur. Modes of Introduction: – Implementation…

  • CWE-806 – Buffer Access Using Size of Source Buffer

    Description The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer. When the size of the destination is smaller than the size of the source, a buffer overflow could occur. Modes…

  • CWE-768 – Incorrect Short Circuit Evaluation

    Description The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring. Modes of Introduction: – Implementation Likelihood of…

  • CWE-769 – DEPRECATED: Uncontrolled File Descriptor Consumption

    Description This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774. Modes of Introduction: Likelihood of Exploit:   Related Weaknesses   Consequences   Potential Mitigations CVE References  

  • CWE-77 – Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

    Description The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High   Related Weaknesses…

  • CWE-770 – Allocation of Resources Without Limits or Throttling

    Description The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High   Related Weaknesses…

  • CWE-771 – Missing Reference to Active Allocated Resource

    Description The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be…

  • CWE-772 – Missing Release of Resource after Effective Lifetime

    Description The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU,…

  • CWE-773 – Missing Reference to Active File Descriptor or Handle

    Description The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed. This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations. Modes of Introduction: – Architecture and Design Likelihood of…

  • CWE-774 – Allocation of File Descriptors or Handles Without Limits or Throttling

    Description The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor. This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical…