CWE in Qualifiers

Challenges used in CGC were developed by multiple teams. Challenge authors were asked to supply information for challenges they developed. The following index shows the Common Weakness Enumerations for each challenge as specified by the challenge author.

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

CROMU_00008, CROMU_00018, CROMU_00023, CROMU_00026, CROMU_00036

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CROMU_00001, CROMU_00004, CROMU_00006, CROMU_00011, CROMU_00015, CROMU_00016, CROMU_00032, CROMU_00038, CROMU_00039, KPRCA_00022, KPRCA_00023, NRFIN_00004, NRFIN_00005, NRFIN_00007, NRFIN_00009, NRFIN_00016, NRFIN_00041

CWE-121 - Stack-based Buffer Overflow

CROMU_00017, CROMU_00019, CROMU_00020, CROMU_00026, CROMU_00030, CROMU_00034, CROMU_00041, CROMU_00042, KPRCA_00011, KPRCA_00012, KPRCA_00021, KPRCA_00024, KPRCA_00027, KPRCA_00029, KPRCA_00040, KPRCA_00041, KPRCA_00043, KPRCA_00047, NRFIN_00015, NRFIN_00016, NRFIN_00026, NRFIN_00038

CWE-122 - Heap-based Buffer Overflow

CROMU_00006, CROMU_00014, CROMU_00015, KPRCA_00002, KPRCA_00010, KPRCA_00019, KPRCA_00023, KPRCA_00025, KPRCA_00026, KPRCA_00031, KPRCA_00032, KPRCA_00045, KPRCA_00046, KPRCA_00048, KPRCA_00049, KPRCA_00051, NRFIN_00004, NRFIN_00009, NRFIN_00015, NRFIN_00023, NRFIN_00024, NRFIN_00030, NRFIN_00032, NRFIN_00033, NRFIN_00036, NRFIN_00039, NRFIN_00041, YAN01_00012

CWE-123 - Write-what-where Condition


CWE-125 - Out-of-bounds Read

CROMU_00021, CROMU_00033, CROMU_00034, CROMU_00043, KPRCA_00020, NRFIN_00004, NRFIN_00012, NRFIN_00015, NRFIN_00027, NRFIN_00036, YAN01_00011

CWE-127 - Buffer Under-read


CWE-128 - Wrap-around Error


CWE-129 - Improper Validation of Array Index

CROMU_00014, CROMU_00025, CROMU_00028, CROMU_00029, KPRCA_00007, KPRCA_00035, NRFIN_00017, NRFIN_00018, NRFIN_00020, NRFIN_00022, NRFIN_00023, NRFIN_00030, NRFIN_00035, NRFIN_00041

CWE-131 - Incorrect Calculation of Buffer Size

CROMU_00001, CROMU_00016, CROMU_00026, CROMU_00029, CROMU_00037, CROMU_00042, KPRCA_00048, NRFIN_00026, NRFIN_00030, NRFIN_00032, NRFIN_00036, NRFIN_00042

CWE-134 - Use of Externally-Controlled Format String

CROMU_00043, KPRCA_00034, KPRCA_00038, KPRCA_00039, KPRCA_00042, NRFIN_00001, YAN01_00009

CWE-170 - Improper Null Termination


CWE-176 - Improper Handling of Unicode Encoding


CWE-190 - Integer Overflow or Wraparound

CROMU_00001, CROMU_00021, CROMU_00029, CROMU_00042, KPRCA_00012, KPRCA_00018, KPRCA_00025, KPRCA_00037, KPRCA_00047, NRFIN_00018, NRFIN_00021, NRFIN_00022, NRFIN_00023, NRFIN_00027, NRFIN_00035, NRFIN_00039

CWE-191 - Integer Underflow (Wrap or Wraparound)

CROMU_00018, NRFIN_00016, NRFIN_00022

CWE-193 - Off-by-one Error

CROMU_00040, KPRCA_00013, KPRCA_00027, KPRCA_00036, NRFIN_00007, NRFIN_00015, NRFIN_00017, NRFIN_00020, NRFIN_00022, NRFIN_00024, NRFIN_00036

CWE-195 - Signed to Unsigned Conversion Error

CROMU_00027, CROMU_00042, KPRCA_00016, NRFIN_00016, NRFIN_00022

CWE-196 - Unsigned to Signed Conversion Error


CWE-20 - Improper Input Validation

NRFIN_00009, NRFIN_00017, NRFIN_00020, NRFIN_00022, NRFIN_00029, NRFIN_00030, NRFIN_00035, NRFIN_00041

CWE-201 - Information Exposure Through Sent Data


CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')


CWE-252 - Unchecked Return Value


CWE-275 - Permission Issues


CWE-326 - Inadequate Encryption Strength


CWE-327 - Use of a Broken or Risky Cryptographic Algorithm


CWE-328 - Reversible One-Way Hash


CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition


CWE-369 - Divide By Zero


CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')


CWE-415 - Double Free


CWE-416 - Use After Free

CROMU_00025, CROMU_00035, CROMU_00044, KPRCA_00011, KPRCA_00054, NRFIN_00023, NRFIN_00024

CWE-434 - Unrestricted Upload of File with Dangerous Type


CWE-457 - Use of Uninitialized Variable

KPRCA_00013, KPRCA_00017, KPRCA_00036, NRFIN_00012, NRFIN_00033

CWE-467 - Use of sizeof() on a Pointer Type


CWE-469 - Use of Pointer Subtraction to Determine Size


CWE-471 - Modification of Assumed-Immutable Data (MAID)


CWE-476 - NULL Pointer Dereference

CROMU_00009, CROMU_00015, CROMU_00021, CROMU_00024, CROMU_00027, CROMU_00034, CROMU_00040, KPRCA_00016, KPRCA_00026, KPRCA_00028, KPRCA_00038, KPRCA_00048, KPRCA_00052, NRFIN_00005, NRFIN_00014, NRFIN_00017, NRFIN_00021, YAN01_00007, YAN01_00010

CWE-59 - Improper Link Resolution Before File Access ('Link Following')


CWE-61 - UNIX Symbolic Link (Symlink) Following


CWE-665 - Improper Initialization


CWE-674 - Uncontrolled Recursion

KPRCA_00036, KPRCA_00038, KPRCA_00049, NRFIN_00025, NRFIN_00034

CWE-680 - Integer Overflow to Buffer Overflow

NRFIN_00008, NRFIN_00022

CWE-682 - Incorrect Calculation


CWE-690 - Unchecked Return Value to NULL Pointer Dereference


CWE-704 - Incorrect Type Conversion or Cast

KPRCA_00053, NRFIN_00027

CWE-755 - Improper Handling of Exceptional Conditions


CWE-763 - Release of Invalid Pointer or Reference


CWE-783 - Operator Precedence Logic Error

KPRCA_00051, KPRCA_00053

CWE-785 - Use of Path Manipulation Function without Maximum-sized Buffer


CWE-787 - Out-of-bounds Write

CROMU_00002, CROMU_00003, CROMU_00005, CROMU_00009, CROMU_00012, CROMU_00021, CROMU_00022, CROMU_00027, CROMU_00031, KPRCA_00008, KPRCA_00035, KPRCA_00040, KPRCA_00047, NRFIN_00009, NRFIN_00018, NRFIN_00021, NRFIN_00030, NRFIN_00033, NRFIN_00036, NRFIN_00042

CWE-788 - Access of Memory Location After End of Buffer

KPRCA_00040, KPRCA_00044, KPRCA_00048, NRFIN_00033, NRFIN_00035, NRFIN_00039, NRFIN_00041

CWE-798 - Use of Hard-coded Credentials


CWE-805 - Buffer Access with Incorrect Length Value

CROMU_00036, NRFIN_00035

CWE-822 - Untrusted Pointer Dereference

KPRCA_00050, NRFIN_00023, NRFIN_00029, NRFIN_00038

CWE-823 - Use of Out-of-range Pointer Offset

CROMU_00038, KPRCA_00046

CWE-824 - Access of Uninitialized Pointer

CROMU_00038, NRFIN_00035, YAN01_00007, YAN01_00010

CWE-825 - Expired Pointer Dereference


CWE-839 - Numeric Range Comparison Without Minimum Check

CROMU_00022, KPRCA_00037, NRFIN_00009

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

CROMU_00021, KPRCA_00028, KPRCA_00033, NRFIN_00023, NRFIN_00027

CWE-908 - Use of Uninitialized Resource

KPRCA_00016, KPRCA_00021, KPRCA_00025

Curated by Lunge Technology, LLC.