CWE in Final Event

Challenges used in CGC were developed by multiple teams. Challenge authors were asked to supply information for the challenges they developed. The following index lists, under each Common Weakness Enumeration (CWE) entry, the challenges for which the challenge author specified that CWE.

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

CROMU_00046, KPRCA_00088, KPRCA_00101, NRFIN_00054, NRFIN_00055, NRFIN_00065

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CROMU_00047, CROMU_00076, CROMU_00093, CROMU_00098, NRFIN_00053, NRFIN_00063

CWE-121 - Stack-based Buffer Overflow

CROMU_00064, CROMU_00065, CROMU_00066, CROMU_00073, CROMU_00084, CROMU_00088, CROMU_00094, KPRCA_00062, KPRCA_00064, KPRCA_00069, KPRCA_00071, KPRCA_00073, KPRCA_00079, KPRCA_00087, KPRCA_00093, KPRCA_00094, KPRCA_00099, KPRCA_00102, KPRCA_00110, KPRCA_00112, NRFIN_00053, NRFIN_00063, NRFIN_00064, YAN01_00015, YAN01_00016

CWE-122 - Heap-based Buffer Overflow

CROMU_00047, CROMU_00055, CROMU_00057, CROMU_00061, KPRCA_00075, KPRCA_00081, KPRCA_00086, KPRCA_00088, KPRCA_00101, NRFIN_00046, NRFIN_00061, NRFIN_00063, NRFIN_00067

CWE-123 - Write-what-where Condition


CWE-124 - Buffer Underwrite ('Buffer Underflow')


CWE-125 - Out-of-bounds Read

CROMU_00054, CROMU_00058, CROMU_00078, KPRCA_00064, KPRCA_00074, KPRCA_00077, KPRCA_00111, NRFIN_00061, NRFIN_00064, NRFIN_00069, NRFIN_00071

CWE-126 - Buffer Over-read

KPRCA_00065, KPRCA_00068

CWE-127 - Buffer Under-read


CWE-129 - Improper Validation of Array Index

CROMU_00063, CROMU_00079, CROMU_00087, KPRCA_00064, KPRCA_00077, KPRCA_00111, NRFIN_00049, NRFIN_00051

CWE-131 - Incorrect Calculation of Buffer Size

CROMU_00048, CROMU_00055, CROMU_00066, CROMU_00072, NRFIN_00063, NRFIN_00067

CWE-134 - Use of Externally-Controlled Format String

KPRCA_00069, KPRCA_00120, NRFIN_00044, NRFIN_00053

CWE-135 - Incorrect Calculation of Multi-Byte String Length


CWE-170 - Improper Null Termination

NRFIN_00061, NRFIN_00064, NRFIN_00069

CWE-190 - Integer Overflow or Wraparound

CROMU_00055, CROMU_00092, NRFIN_00049, NRFIN_00052

CWE-191 - Integer Underflow (Wrap or Wraparound)


CWE-193 - Off-by-one Error

CROMU_00051, CROMU_00083, CROMU_00096, NRFIN_00061, NRFIN_00064

CWE-196 - Unsigned to Signed Conversion Error

CROMU_00048, CROMU_00077

CWE-20 - Improper Input Validation

CROMU_00051, CROMU_00063, NRFIN_00044, NRFIN_00049, NRFIN_00051

CWE-200 - Information Exposure

CROMU_00054, NRFIN_00066

CWE-201 - Information Exposure Through Sent Data

NRFIN_00043, NRFIN_00044, NRFIN_00049, NRFIN_00051, NRFIN_00053, NRFIN_00059, NRFIN_00065, NRFIN_00066, NRFIN_00072

CWE-202 - Exposure of Sensitive Data Through Data Queries


CWE-215 - Information Exposure Through Debug Information


CWE-287 - Improper Authentication


CWE-291 - Reliance on IP Address for Authentication


CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')


CWE-310 - Cryptographic Issues


CWE-316 - Cleartext Storage of Sensitive Information in Memory


CWE-388 - Error Handling


CWE-398 - Indicator of Poor Code Quality


CWE-416 - Use After Free

KPRCA_00100, NRFIN_00054

CWE-465 - Pointer Issues

KPRCA_00074, NRFIN_00066

CWE-514 - Covert Channel


CWE-515 - Covert Storage Channel


CWE-521 - Weak Password Requirements


CWE-665 - Improper Initialization

CROMU_00063, NRFIN_00065

CWE-680 - Integer Overflow to Buffer Overflow


CWE-681 - Incorrect Conversion between Numeric Types


CWE-703 - Improper Check or Handling of Exceptional Conditions

NRFIN_00054, NRFIN_00055

CWE-704 - Incorrect Type Conversion or Cast

NRFIN_00054, NRFIN_00055, NRFIN_00067

CWE-786 - Access of Memory Location Before Start of Buffer


CWE-787 - Out-of-bounds Write

CROMU_00061, CROMU_00082, CROMU_00092, KPRCA_00073, NRFIN_00053, NRFIN_00061, NRFIN_00063, NRFIN_00064, NRFIN_00067, NRFIN_00071

CWE-788 - Access of Memory Location After End of Buffer

CROMU_00097, NRFIN_00053, NRFIN_00061, NRFIN_00063, NRFIN_00064, NRFIN_00067

CWE-798 - Use of Hard-coded Credentials


CWE-805 - Buffer Access with Incorrect Length Value


CWE-806 - Buffer Access Using Size of Source Buffer


CWE-822 - Untrusted Pointer Dereference

NRFIN_00045, NRFIN_00056, NRFIN_00066

CWE-825 - Expired Pointer Dereference

KPRCA_00100, NRFIN_00054

CWE-839 - Numeric Range Comparison Without Minimum Check

KPRCA_00069, KPRCA_00071

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

KPRCA_00097, NRFIN_00046, NRFIN_00054, NRFIN_00055

CWE-908 - Use of Uninitialized Resource


