Challenges used in CGC were developed by multiple teams. Challenge authors were asked to supply information for the challenges they developed. The following index is organized by Common Weakness Enumeration (CWE): under each CWE, it lists the challenges for which the challenge author specified that weakness.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CROMU_00046, KPRCA_00088, KPRCA_00101, NRFIN_00054, NRFIN_00055, NRFIN_00065
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CROMU_00047, CROMU_00076, CROMU_00093, CROMU_00098, NRFIN_00053, NRFIN_00063
CWE-121 - Stack-based Buffer Overflow
CROMU_00064, CROMU_00065, CROMU_00066, CROMU_00073, CROMU_00084, CROMU_00088, CROMU_00094, KPRCA_00062, KPRCA_00064, KPRCA_00069, KPRCA_00071, KPRCA_00073, KPRCA_00079, KPRCA_00087, KPRCA_00093, KPRCA_00094, KPRCA_00099, KPRCA_00102, KPRCA_00110, KPRCA_00112, NRFIN_00053, NRFIN_00063, NRFIN_00064, YAN01_00015, YAN01_00016
CWE-122 - Heap-based Buffer Overflow
CROMU_00047, CROMU_00055, CROMU_00057, CROMU_00061, KPRCA_00075, KPRCA_00081, KPRCA_00086, KPRCA_00088, KPRCA_00101, NRFIN_00046, NRFIN_00061, NRFIN_00063, NRFIN_00067
CWE-123 - Write-what-where Condition
KPRCA_00074
CWE-124 - Buffer Underwrite ('Buffer Underflow')
CROMU_00072
CWE-125 - Out-of-bounds Read
CROMU_00054, CROMU_00058, CROMU_00078, KPRCA_00064, KPRCA_00074, KPRCA_00077, KPRCA_00111, NRFIN_00061, NRFIN_00064, NRFIN_00069, NRFIN_00071
CWE-126 - Buffer Over-read
KPRCA_00065, KPRCA_00068
CWE-127 - Buffer Under-read
CROMU_00077
CWE-129 - Improper Validation of Array Index
CROMU_00063, CROMU_00079, CROMU_00087, KPRCA_00064, KPRCA_00077, KPRCA_00111, NRFIN_00049, NRFIN_00051
CWE-131 - Incorrect Calculation of Buffer Size
CROMU_00048, CROMU_00055, CROMU_00066, CROMU_00072, NRFIN_00063, NRFIN_00067
CWE-134 - Use of Externally-Controlled Format String
KPRCA_00069, KPRCA_00120, NRFIN_00044, NRFIN_00053
CWE-135 - Incorrect Calculation of Multi-Byte String Length
CROMU_00095
CWE-170 - Improper Null Termination
NRFIN_00061, NRFIN_00064, NRFIN_00069
CWE-190 - Integer Overflow or Wraparound
CROMU_00055, CROMU_00092, NRFIN_00049, NRFIN_00052
CWE-191 - Integer Underflow (Wrap or Wraparound)
KPRCA_00111
CWE-193 - Off-by-one Error
CROMU_00051, CROMU_00083, CROMU_00096, NRFIN_00061, NRFIN_00064
CWE-196 - Unsigned to Signed Conversion Error
CROMU_00048, CROMU_00077
CWE-20 - Improper Input Validation
CROMU_00051, CROMU_00063, NRFIN_00044, NRFIN_00049, NRFIN_00051
CWE-200 - Information Exposure
CROMU_00054, NRFIN_00066
CWE-201 - Information Exposure Through Sent Data
NRFIN_00043, NRFIN_00044, NRFIN_00049, NRFIN_00051, NRFIN_00053, NRFIN_00059, NRFIN_00065, NRFIN_00066, NRFIN_00072
CWE-202 - Exposure of Sensitive Data Through Data Queries
YAN01_00016
CWE-215 - Information Exposure Through Debug Information
CROMU_00093
CWE-287 - Improper Authentication
KPRCA_00093
CWE-291 - Reliance on IP Address for Authentication
YAN01_00015
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
NRFIN_00066
CWE-310 - Cryptographic Issues
NRFIN_00066
CWE-316 - Cleartext Storage of Sensitive Information in Memory
CROMU_00063
CWE-388 - Error Handling
NRFIN_00045
CWE-398 - Indicator of Poor Code Quality
KPRCA_00077
CWE-416 - Use After Free
KPRCA_00100, NRFIN_00054
CWE-465 - Pointer Issues
KPRCA_00074, NRFIN_00066
CWE-514 - Covert Channel
NRFIN_00066
CWE-515 - Covert Storage Channel
NRFIN_00066
CWE-521 - Weak Password Requirements
KPRCA_00093
CWE-665 - Improper Initialization
CROMU_00063, NRFIN_00065
CWE-680 - Integer Overflow to Buffer Overflow
KPRCA_00119
CWE-681 - Incorrect Conversion between Numeric Types
KPRCA_00112
CWE-703 - Improper Check or Handling of Exceptional Conditions
NRFIN_00054, NRFIN_00055
CWE-704 - Incorrect Type Conversion or Cast
NRFIN_00054, NRFIN_00055, NRFIN_00067
CWE-786 - Access of Memory Location Before Start of Buffer
KPRCA_00091
CWE-787 - Out-of-bounds Write
CROMU_00061, CROMU_00082, CROMU_00092, KPRCA_00073, NRFIN_00053, NRFIN_00061, NRFIN_00063, NRFIN_00064, NRFIN_00067, NRFIN_00071
CWE-788 - Access of Memory Location After End of Buffer
CROMU_00097, NRFIN_00053, NRFIN_00061, NRFIN_00063, NRFIN_00064, NRFIN_00067
CWE-798 - Use of Hard-coded Credentials
CROMU_00093
CWE-805 - Buffer Access with Incorrect Length Value
NRFIN_00067
CWE-806 - Buffer Access Using Size of Source Buffer
NRFIN_00053
CWE-822 - Untrusted Pointer Dereference
NRFIN_00045, NRFIN_00056, NRFIN_00066
CWE-825 - Expired Pointer Dereference
KPRCA_00100, NRFIN_00054
CWE-839 - Numeric Range Comparison Without Minimum Check
KPRCA_00069, KPRCA_00071
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
KPRCA_00097, NRFIN_00046, NRFIN_00054, NRFIN_00055
CWE-908 - Use of Uninitialized Resource
NRFIN_00071