CWE-586 |
The software makes an explicit call to the finalize() method from outside the finalizer. |
CWE-587 |
The software sets a pointer to a specific address other than NULL or 0. |
CWE-588 |
Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption. |
CWE-589 |
The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences. |
CWE-686 |
The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. |
CWE-59 |
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
CWE-590 |
The application calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc(). |
CWE-591 |
The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors. |
CWE-592 |
This weakness has been deprecated because it covered redundant concepts already described in CWE-287. |
CWE-593 |
The software modifies the SSL context after connection creation has begun. |