CWE CATEGORY: CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
Category ID: 743
Vulnerability Mapping: Prohibited
Status: Obsolete
▼Summary

Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) chapter of the CERT C Secure Coding Standard (2008).

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008) |
| HasMember | Allowed | Base | 241 | Improper Handling of Unexpected Data Type |
| HasMember | Discouraged | Class | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| HasMember | Allowed | Base | 134 | Use of Externally-Controlled Format String |
| HasMember | Allowed | Base | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Allowed | Base | 276 | Incorrect Default Permissions |
| HasMember | Allowed | Variant | 279 | Incorrect Execution-Assigned Permissions |
| HasMember | Allowed-with-Review | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember | Allowed | Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| HasMember | Allowed | Variant | 37 | Path Traversal: '/absolute/pathname/here' |
| HasMember | Allowed | Base | 379 | Creation of Temporary File in Directory with Insecure Permissions |
| HasMember | Allowed | Variant | 38 | Path Traversal: '\absolute\pathname\here' |
| HasMember | Allowed | Variant | 39 | Path Traversal: 'C:dirname' |
| HasMember | Prohibited | Base | 391 | Unchecked Error Condition |
| HasMember | Allowed | Base | 403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') |
| HasMember | Allowed-with-Review | Class | 404 | Improper Resource Shutdown or Release |
| HasMember | Allowed | Base | 41 | Improper Resolution of Path Equivalence |
| HasMember | Allowed | Base | 552 | Files or Directories Accessible to External Parties |
| HasMember | Allowed | Base | 59 | Improper Link Resolution Before File Access ('Link Following') |
| HasMember | Allowed | Variant | 62 | UNIX Hard Link |
| HasMember | Allowed | Variant | 64 | Windows Shortcut Following (.LNK) |
| HasMember | Allowed | Variant | 65 | Windows Hard Link |
| HasMember | Allowed | Variant | 67 | Improper Handling of Windows Device Names |
| HasMember | Allowed-with-Review | Class | 675 | Multiple Operations on Resource in Single-Operation Context |
| HasMember | Allowed | Base | 676 | Use of Potentially Dangerous Function |
| HasMember | Allowed | Variant | 686 | Function Call With Incorrect Argument Type |
| HasMember | Allowed-with-Review | Class | 732 | Incorrect Permission Assignment for Critical Resource |
▼Vulnerability Mapping Notes
Usage: Prohibited
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

▼Notes
Relationship

In the 2008 version of the CERT C Secure Coding standard, the following rules were mapped to the following CWE IDs:

| CWE ID | CERT C Rule | Rule Title |
|---|---|---|
| CWE-22 | FIO02-C | Canonicalize path names originating from untrusted sources |
| CWE-37 | FIO05-C | Identify files using multiple file attributes |
| CWE-38 | FIO05-C | Identify files using multiple file attributes |
| CWE-39 | FIO05-C | Identify files using multiple file attributes |
| CWE-41 | FIO02-C | Canonicalize path names originating from untrusted sources |
| CWE-59 | FIO02-C | Canonicalize path names originating from untrusted sources |
| CWE-62 | FIO05-C | Identify files using multiple file attributes |
| CWE-64 | FIO05-C | Identify files using multiple file attributes |
| CWE-65 | FIO05-C | Identify files using multiple file attributes |
| CWE-67 | FIO32-C | Do not perform operations on devices that are only appropriate for files |
| CWE-119 | FIO37-C | Do not assume character data has been read |
| CWE-134 | FIO30-C | Exclude user input from format strings |
| CWE-241 | FIO37-C | Do not assume character data has been read |
| CWE-276 | FIO06-C | Create files with appropriate access permissions |
| CWE-279 | FIO06-C | Create files with appropriate access permissions |
| CWE-362 | FIO31-C | Do not simultaneously open the same file multiple times |
| CWE-367 | FIO01-C | Be careful using functions that use file names for identification |
| CWE-379 | FIO15-C | Ensure that file operations are performed in a secure directory |
| CWE-379 | FIO43-C | Do not create temporary files in shared directories |
| CWE-391 | FIO04-C | Detect and handle input and output errors |
| CWE-391 | FIO33-C | Detect and handle input output errors resulting in undefined behavior |
| CWE-403 | FIO42-C | Ensure files are properly closed when they are no longer needed |
| CWE-404 | FIO42-C | Ensure files are properly closed when they are no longer needed |
| CWE-552 | FIO15-C | Ensure that file operations are performed in a secure directory |
| CWE-675 | FIO31-C | Do not simultaneously open the same file multiple times |
| CWE-676 | FIO01-C | Be careful using functions that use file names for identification |
| CWE-686 | FIO00-C | Take care when creating format strings |
| CWE-732 | FIO06-C | Create files with appropriate access permissions |

▼References
Reference ID: REF-597
Title: The CERT C Secure Coding Standard
Version: v4.15
Author: Robert C. Seacord
Publisher: Addison-Wesley Professional
Edition: 1st Edition
Date: 14 October 2008