CWE IDs mapped to Klocwork C and C++ checkers

From current

Reference > Coding standards > CWE IDs mapped to Klocwork C and C++ checkers

This mapping is based on CWE version 2.2.

CWE ID	Klocwork Issue Code and Description
20	SV.BANNED.RECOMMENDED.SCANF Banned scanf function call MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol'
22	SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential DLL-preload process-injection vector SV.DLLPRELOAD.SEARCHPATH Potential DLL-preload SearchPath vector
23	SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential DLL-preload process-injection vector SV.DLLPRELOAD.SEARCHPATH Potential DLL-preload SearchPath vector
73	SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential DLL-preload process-injection vector SV.DLLPRELOAD.SEARCHPATH Potential DLL-preload SearchPath vector SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access
77	SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection
78	NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.CODE_INJECTION.SHELL_EXEC Command injection vulnerability SV.TAINTED.INJECTION Command Injection
88	NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.CODE_INJECTION.SHELL_EXEC Command Injection vulnerability SV.TAINTED.INJECTION Command Injection
114	SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential DLL-preload process-injection vector SV.DLLPRELOAD.SEARCHPATH Potential DLL-preload SearchPath vector
119	ABV.ANY_SIZE_ARRAY Buffer Overflow - Unspecified-sized Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition SV.STRBO.BOUND_COPY Buffer Overflow in Bound String Copy SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String
120	ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String NNTS.MIGHT Buffer Overflow - Non-null Terminated String SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.UNBOUND_STRING_INPUT.CIN Buffer overflow from unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Buffer overflow from unbounded string copy
121	ABV.STACK Buffer Overflow - Local Array Index Out of Bounds
122	ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds
129	SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index
131	INCORRECT.ALLOC_SIZE Incorrect allocation size
134	SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String SV.FMTSTR.GENERIC Format String Vulnerability
135	SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error
170	NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String SV.STRBO.BOUND_COPY Buffer Overflow in Bound String Copy SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf
176	ABV.UNICODE.BOUND_MAP Buffer overflow—array index out of bounds in mapping function ABV.UNICODE.FAILED_MAP Buffer overflow—array index out of bounds in failed mapping function ABV.UNICODE.NNTS_MAP Buffer overflow from non null-terminated string in mapping function ABV.UNICODE.SELF_MAP Buffer overflow—array index out of bounds in failed mapping function
190	INCORRECT.ALLOC_SIZE Incorrect allocation size SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index
192	SV.BANNED.RECOMMENDED.SCANF Banned scanf function call PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during Function Call MISRA.CVALUE.IMPL.CAST The value of an expression should not be implcitly converted to a different type MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back tooriginal type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned
193	NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String SV.STRBO.BOUND_COPY Buffer Overflow in Bound String Copy SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy
195	ABV.GENERAL Buffer Overflow - Array Index Out of Bounds
197	PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during Function Call MISRA.CVALUE.IMPL.CAST The value of an expression should not be implcitly converted to a different type MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back tooriginal type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned
242	SV.PIPE.VAR Use of Insecure Parameter for Dangerous Functions - possible SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.UNBOUND_STRING_INPUT.CIN Buffer overflow from unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Buffer overflow from unbounded string copy SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf
247	SV.USAGERULES.SPOOFING Spoofing security vulnerability
250	SV.USAGERULES.PERMISSIONS Use of function that manipulates Access Control Lists SV.USAGERULES.PROCESS_VARIANTS Exposure to privilege escalation in process SV.FIU.PROCESS_VARIANTS Exposure to privilege escalation
251	ABV.GENERAL Buffer Overflow - Array Index Out of Bounds
252	SV.RVT.RETVAL_NOTTESTED Ignored Return Value
253	SV.RVT.RETVAL_NOTTESTED Ignored Return Value
272	SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function
273	SV.FIU.PROCESS_VARIANTS Exposure to privilege escalation SV.USAGERULES.PERMISSIONS Exposure to privilege escalation
290	SV.WEAK_CRYPTO.WEAK_HASH Weak password vulnerability
326	SV.USAGERULES.SPOOFING Spoofing security vulnerability
362	CONC.DL Deadlock
366	CONC.DL Deadlock
367	SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access
377	SV.PCC.CONST Insecure constant temporary filename SV.PCC.INVALID_TEMP_PATH Insecure temporary path SV.PCC.MISSING_TEMP_CALLS.MUST Insecure temporary variable filename SV.PCC.MISSING_TEMP_FILENAME Missing temporary filename SV.PCC.MODIFIED_BEFORE_CREATE Insecure modification of temporary filename
390	SV.RVT.RETVAL_NOTTESTED Ignored Return Value
391	SV.RVT.RETVAL_NOTTESTED Ignored Return Value
401	FREE.INCONSISTENT Inconsistent Freeing of Memory MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak
403	RH.LEAK Resource leak
404	FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory RH.LEAK Resource leak SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling—allocation and release SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS Insecure Resource Handling—status checking CONC.DL Deadlock
415	UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak
416	UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory
421	SV.PIPE.VAR Potential pipe hijacking SV.PIPE.CONST Potential pipe hijacking
457	UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable
464	SV.BANNED.RECOMMENDED.TOKEN Banned token function call NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String
466	PORTING.CAST.PTR Cast between pointer and non-pointer types
467	INCORRECT.ALLOC_SIZE Incorrect Allocation Size
468	CWARN.ALIGNMENT Incorrect pointer scaling is used MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression
476	NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RN.INDEX Suspicious use of index before negative check RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check
478	LA_UNUSED Label unused
479	MISRA.EXPANSION.UNSAFE Unsafe macro usage MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function
480	ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition EFFECT Statement has no effect SEMICOL Suspiciously placed semicolon CWARN.NULLCHECK.FUNCNAME Ineffective function address check
482	ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition EFFECT Statement has no effect
488	CONC.DL Deadlock
497	SV.STR_PAR.UNDESIRED_STRING_PARAMETER String parameter in file path
561	UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable return VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization LA_UNUSED Label unused
562	LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable
563	LV_UNUSED.GEN Local variable unused
587	PORTING.CAST.PTR Cast between pointer and non-pointer types
590	FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory FUM.GEN.MIGHT Freeing Unallocated Memory - possible FUM.GEN.MUST Freeing Unallocated Memory
606	SV.TAINTED.CALL.LOOP_BOUND Unvalidated input used as a loop boundary by function call SV.TAINTED.LOOP_BOUND Unvalidated input used as a loop boundary
628	MISRA.FUNC.UNMATCHED.PARAMS Number of formal and actual parameters passed to function do not match
665	UNINIT.STACK.ARRAY.MIGHT Uninitialized array possible UNINIT.STACK.ARRAY.MUST Uninitialized array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially uninitialized array UNINIT.HEAP.MIGHT Uninitialized heap use possible UNINIT.HEAP.MUST Uninitialized heap use ABV.GENERAL - Buffer overflow - array index out of bounds
676	SV.BANNED.RECOMMENDED.SCANF Banned scanf function call MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol'
681	PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during Function Call
682	PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE Relational expression may be always false MISRA.FUNC.VARARG Function with variable number of arguments MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value
684	SV.BANNED.RECOMMENDED.ALLOCA Banned alloc function call SV.BANNED.REQUIRED.CONCAT Banned string concat function call SV.BANNED.REQUIRED.COPY Banned copy function call SV.BANNED.REQUIRED.ISBAD Banned IsBad function call SV.BANNED.RECOMMENDED.NUMERIC Banned numeric conversion function call SV.BANNED.RECOMMENDED.OEM Banned OEM character conversion function call SV.BANNED.RECOMMENDED.PATH Banned path function call SV.BANNED.RECOMMENDED.SCANF Banned scanf function call SV.BANNED.RECOMMENDED.SPRINTF Banned sprintf function call SV.BANNED.RECOMMENDED.TOKEN Banned token function call
686	SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.FMT_STR.SCAN_FORMAT_MISMATCH Incompatible type of a scan function parameter SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call SV.FMT_STR.UNKWN_FORMAT.SCAN Unknown format specifier in a scan function call
704	MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference
732	SV.USAGERULES.PERMISSIONS Exposure to privilege escalation
754	SV.RVT.RETVAL_NOTTESTED Ignored Return Value
762	FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory
764	CONC.DL Deadlock
768	MISRA.LOGIC.SIDEEFF Right operand in a logical 'and' or 'or' expression contains side effects
770	RH.LEAK Resource leak
772	CONC.DL Deadlock
787	ABV.GENERAL Buffer Overflow - Array Index Out of Bounds
788	ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index
805	ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds INCORRECT.ALLOC_SIZE Incorrect allocation size
835	INFINITE_LOOP.GLOBAL Infinite loop INFINITE_LOOP.LOCAL Infinite loop INFINITE_LOOP.MACRO Infinite loop

Retrieved from "http://www.klocwork.com/products/documentation/current/CWE_IDs_mapped_to_Klocwork_C_and_C%2B%2B_checkers"

Categories: Detected Issues | Detected C/C++ Issues | Coding standards