CWE in Qualifiers

Challenges used in CGC were developed by multiple teams. Challenge authors were asked to supply information for challenges they developed. The following index shows the Common Weakness Enumerations for each challenge as specified by the challenge author.


CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

CROMU_00008, CROMU_00018, CROMU_00023, CROMU_00026, CROMU_00036

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CROMU_00001, CROMU_00004, CROMU_00006, CROMU_00011, CROMU_00015, CROMU_00016, CROMU_00032, CROMU_00038, CROMU_00039, KPRCA_00022, KPRCA_00023, NRFIN_00004, NRFIN_00005, NRFIN_00007, NRFIN_00009, NRFIN_00016, NRFIN_00041

CWE-121 - Stack-based Buffer Overflow

CROMU_00017, CROMU_00019, CROMU_00020, CROMU_00026, CROMU_00030, CROMU_00034, CROMU_00041, CROMU_00042, KPRCA_00011, KPRCA_00012, KPRCA_00021, KPRCA_00024, KPRCA_00027, KPRCA_00029, KPRCA_00040, KPRCA_00041, KPRCA_00043, KPRCA_00047, NRFIN_00015, NRFIN_00016, NRFIN_00026, NRFIN_00038

CWE-122 - Heap-based Buffer Overflow

CROMU_00006, CROMU_00014, CROMU_00015, KPRCA_00002, KPRCA_00010, KPRCA_00019, KPRCA_00023, KPRCA_00025, KPRCA_00026, KPRCA_00031, KPRCA_00032, KPRCA_00045, KPRCA_00046, KPRCA_00048, KPRCA_00049, KPRCA_00051, NRFIN_00004, NRFIN_00009, NRFIN_00015, NRFIN_00023, NRFIN_00024, NRFIN_00030, NRFIN_00032, NRFIN_00033, NRFIN_00036, NRFIN_00039, NRFIN_00041, YAN01_00012

CWE-123 - Write-what-where Condition

NRFIN_00039

CWE-125 - Out-of-bounds Read

CROMU_00021, CROMU_00033, CROMU_00034, CROMU_00043, KPRCA_00020, NRFIN_00004, NRFIN_00012, NRFIN_00015, NRFIN_00027, NRFIN_00036, YAN01_00011

CWE-127 - Buffer Under-read

KPRCA_00014

CWE-128 - Wrap-around Error

NRFIN_00035

CWE-129 - Improper Validation of Array Index

CROMU_00014, CROMU_00025, CROMU_00028, CROMU_00029, KPRCA_00007, KPRCA_00035, NRFIN_00017, NRFIN_00018, NRFIN_00020, NRFIN_00022, NRFIN_00023, NRFIN_00030, NRFIN_00035, NRFIN_00041

CWE-131 - Incorrect Calculation of Buffer Size

CROMU_00001, CROMU_00016, CROMU_00026, CROMU_00029, CROMU_00037, CROMU_00042, KPRCA_00048, NRFIN_00026, NRFIN_00030, NRFIN_00032, NRFIN_00036, NRFIN_00042

CWE-134 - Use of Externally-Controlled Format String

CROMU_00043, KPRCA_00034, KPRCA_00038, KPRCA_00039, KPRCA_00042, NRFIN_00001, YAN01_00009

CWE-170 - Improper Null Termination

KPRCA_00009

CWE-176 - Improper Handling of Unicode Encoding

NRFIN_00029

CWE-190 - Integer Overflow or Wraparound

CROMU_00001, CROMU_00021, CROMU_00029, CROMU_00042, KPRCA_00012, KPRCA_00018, KPRCA_00025, KPRCA_00037, KPRCA_00047, NRFIN_00018, NRFIN_00021, NRFIN_00022, NRFIN_00023, NRFIN_00027, NRFIN_00035, NRFIN_00039

CWE-191 - Integer Underflow (Wrap or Wraparound)

CROMU_00018, NRFIN_00016, NRFIN_00022

CWE-193 - Off-by-one Error

CROMU_00040, KPRCA_00013, KPRCA_00027, KPRCA_00036, NRFIN_00007, NRFIN_00015, NRFIN_00017, NRFIN_00020, NRFIN_00022, NRFIN_00024, NRFIN_00036

CWE-195 - Signed to Unsigned Conversion Error

CROMU_00027, CROMU_00042, KPRCA_00016, NRFIN_00016, NRFIN_00022

CWE-196 - Unsigned to Signed Conversion Error

CROMU_00018

CWE-20 - Improper Input Validation

NRFIN_00009, NRFIN_00017, NRFIN_00020, NRFIN_00022, NRFIN_00029, NRFIN_00030, NRFIN_00035, NRFIN_00041

CWE-201 - Information Exposure Through Sent Data

NRFIN_00038

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

NRFIN_00029

CWE-252 - Unchecked Return Value

KPRCA_00024

CWE-275 - Permission Issues

NRFIN_00034

CWE-326 - Inadequate Encryption Strength

NRFIN_00038

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

NRFIN_00038

CWE-328 - Reversible One-Way Hash

NRFIN_00038

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

KPRCA_00026

CWE-369 - Divide By Zero

NRFIN_00027

CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

CROMU_00011

CWE-415 - Double Free

KPRCA_00021

CWE-416 - Use After Free

CROMU_00025, CROMU_00035, CROMU_00044, KPRCA_00011, KPRCA_00054, NRFIN_00023, NRFIN_00024

CWE-434 - Unrestricted Upload of File with Dangerous Type

NRFIN_00034

CWE-457 - Use of Uninitialized Variable

KPRCA_00013, KPRCA_00017, KPRCA_00036, NRFIN_00012, NRFIN_00033

CWE-467 - Use of sizeof() on a Pointer Type

CROMU_00010

CWE-469 - Use of Pointer Subtraction to Determine Size

NRFIN_00036

CWE-471 - Modification of Assumed-Immutable Data (MAID)

NRFIN_00038

CWE-476 - NULL Pointer Dereference

CROMU_00009, CROMU_00015, CROMU_00021, CROMU_00024, CROMU_00027, CROMU_00034, CROMU_00040, KPRCA_00016, KPRCA_00026, KPRCA_00028, KPRCA_00038, KPRCA_00048, KPRCA_00052, NRFIN_00005, NRFIN_00014, NRFIN_00017, NRFIN_00021, YAN01_00007, YAN01_00010

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

NRFIN_00034

CWE-61 - UNIX Symbolic Link (Symlink) Following

NRFIN_00034

CWE-665 - Improper Initialization

KPRCA_00035

CWE-674 - Uncontrolled Recursion

KPRCA_00036, KPRCA_00038, KPRCA_00049, NRFIN_00025, NRFIN_00034

CWE-680 - Integer Overflow to Buffer Overflow

NRFIN_00008, NRFIN_00022

CWE-682 - Incorrect Calculation

NRFIN_00027

CWE-690 - Unchecked Return Value to NULL Pointer Dereference

KPRCA_00030

CWE-704 - Incorrect Type Conversion or Cast

KPRCA_00053, NRFIN_00027

CWE-755 - Improper Handling of Exceptional Conditions

KPRCA_00032

CWE-763 - Release of Invalid Pointer or Reference

NRFIN_00039

CWE-783 - Operator Precedence Logic Error

KPRCA_00051, KPRCA_00053

CWE-785 - Use of Path Manipulation Function without Maximum-sized Buffer

CROMU_00035

CWE-787 - Out-of-bounds Write

CROMU_00002, CROMU_00003, CROMU_00005, CROMU_00009, CROMU_00012, CROMU_00021, CROMU_00022, CROMU_00027, CROMU_00031, KPRCA_00008, KPRCA_00035, KPRCA_00040, KPRCA_00047, NRFIN_00009, NRFIN_00018, NRFIN_00021, NRFIN_00030, NRFIN_00033, NRFIN_00036, NRFIN_00042

CWE-788 - Access of Memory Location After End of Buffer

KPRCA_00040, KPRCA_00044, KPRCA_00048, NRFIN_00033, NRFIN_00035, NRFIN_00039, NRFIN_00041

CWE-798 - Use of Hard-coded Credentials

CROMU_00037

CWE-805 - Buffer Access with Incorrect Length Value

CROMU_00036, NRFIN_00035

CWE-822 - Untrusted Pointer Dereference

KPRCA_00050, NRFIN_00023, NRFIN_00029, NRFIN_00038

CWE-823 - Use of Out-of-range Pointer Offset

CROMU_00038, KPRCA_00046

CWE-824 - Access of Uninitialized Pointer

CROMU_00038, NRFIN_00035, YAN01_00007, YAN01_00010

CWE-825 - Expired Pointer Dereference

NRFIN_00024

CWE-839 - Numeric Range Comparison Without Minimum Check

CROMU_00022, KPRCA_00037, NRFIN_00009

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

CROMU_00021, KPRCA_00028, KPRCA_00033, NRFIN_00023, NRFIN_00027

CWE-908 - Use of Uninitialized Resource

KPRCA_00016, KPRCA_00021, KPRCA_00025


Curated by Lunge Technology, LLC.