/seeve

A set of vulnerable C code snippets (with mapped CVEs)

Primary language: C

SEEWE

Examples that illustrate the different code vulnerabilities according to CWE.

  • CWE-20 (Improper Input Validation)
  • CWE-119 (Improper restriction of operations within the bounds of a memory buffer)
  • CWE-120 (Buffer copy without checking size of input)
  • CWE-125 (Out-of-bounds Read)
  • CWE-134 (Use of externally-controlled format string)
  • CWE-170 (Improper Null Termination)
  • CWE-190 (Integer Overflow or Wraparound)
  • CWE-193 (Off-by-one Error)
  • CWE-195 (Signed to unsigned conversion error)
  • CWE-197 (Numeric truncation error)
  • CWE-222 (Truncation of Security-relevant information - TBD)
  • CWE-369 (Divide By Zero)
  • CWE-401 (Missing release of memory after effective lifetime)
  • CWE-403 (Exposure of file descriptor to unintended control sphere - TBD)
  • CWE-415 (Double free)
  • CWE-416 (Use After Free)
  • CWE-457 (Use of uninitialized variable)
  • CWE-476 (Null pointer dereference)
  • CWE-665 (Improper initialization)
  • CWE-787 (Out-of-bounds Write - TBD)