Common Weakness Enumeration (CWE) is a community-developed list of common software and hardware weakness
types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service
component that, under certain circumstances, could contribute to the introduction of vulnerabilities. The CWE List
and associated classification taxonomy serve as a language that can be used to identify and describe these
weaknesses in terms of CWEs.
PC-lint Plus provides support for detecting C/C++ software issues described by the CWE (version 4.12 as of June
19, 2025) using the au-cwe.lnt author file, which is distributed with the product in the lnt/ directory. The author
file includes -append options, which cause the messages used to report CWE weaknesses to be annotated with
the corresponding CWE identifier. In addition, the CWE Coverage Claim Representation (CCR) XML
document (au-cwe.xml) is in the lnt/ directory. All weaknesses in the following mappings and views are
included:
CWE Top 25 (2023-2019)
Software Written in C
Software Written in C++
SEI CERT C Coding Standard
The CERT C Secure Coding Standard (2008)
SEI CERT C++ Coding Standard (2016)
The author file enables checks for both library and non-library code. This means that the standard
headers employed by your source code are subject to the same scrutiny as the rest of the project.
This is often a project requirement, but it can result in a lot of noise if library code is not subject to the
same compliance requirements as the rest of the project. The simplest way to disable CWE checks
for library code is to place the options -wlib(4) -wlib(1) immediately after the author file is
referenced. This raises and then immediately lowers the warning level for libraries, which
suppresses all non-error messages from library code. Any non-error messages that
you intend to enable for library code (e.g. via +elib) should appear after these options.
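As an added illustration that is not part of the PC-lint Plus documentation or its shipped files, the following project options file wires the CWE author file in the order described above. The compiler configuration file name and the particular message re-enabled for library code are assumptions chosen for the example.

```text
// project.lnt (constructed example; not a file shipped with PC-lint Plus)

// Compiler configuration: the co-*.lnt file name is an assumption;
// substitute the one generated for your toolchain.
co-gcc.lnt

// CWE author file from the product's lnt/ directory. Its -append
// options tag the enforcing messages with the matching CWE identifier.
au-cwe.lnt

// Raise and then immediately lower the library warning level so that
// library code (e.g. standard headers) produces only error messages.
// These two options must directly follow the author file reference.
-wlib(4)
-wlib(1)

// Any non-error message you still want for library code goes AFTER the
// -wlib options. Message 415 is one of the CWE-119 enforcing messages
// listed in the coverage table; re-enabling it here is only an illustration.
+elib(415)
```

Referencing project.lnt on the PC-lint Plus command line then applies the CWE checks to project code while library code reports errors plus only the messages explicitly re-enabled with +elib.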
The following subsections document the level of support provided by PC-lint Plus for the CWE. The weakness
identifier, level of support, and primary enforcing messages are provided. While every effort is made to ensure the
correctness of the information provided here, Vector Informatik GmbH makes no guarantee with respect to the
accuracy of the information conveyed.
The following terms are used to characterize the support that PC-lint Plus provides each weakness:
Supported - For statically checkable weaknesses, the weakness is comprehensively supported and neither false positives nor false negatives are expected. For weaknesses that are not fully statically checkable, substantial support is provided to detect statically checkable issues.
Partially Supported - Meaningful support is provided, but there may be cases where false positives and/or false negatives occur due to limitations in the currently implemented detection method.
Assistance Provided - While detection of the actual weakness is not supported (or cannot be statically checked), potential instances of the weakness are diagnosed.
Not Supported - No meaningful level of support is currently provided for this weakness.
Not Statically Checkable - Instances of the weakness cannot be detected by means of static analysis.
| Support Level | Weaknesses | Percentage (of statically checkable weaknesses) |
|---|---|---|
| Supported | 113 | 61.1% |
| Comprehensive | 14 | 7.6% |
| Partial | 91 | 49.2% |
| Assistance | 8 | 4.3% |
| Not Supported | 72 | 38.9% |
| Not Statically Checkable | 8 | |
| TOTAL | 193 | |
| CWE | Weakness | Support | Primary Enforcing Messages |
|---|---|---|---|
| 14 | Compiler Removal of Code to Clear Buffers | Assistance provided [1] | |
| 20 | Improper Input Validation | Partially supported | |
| 22 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | Not supported | |
| 37 | Path Traversal: ‘/absolute/pathname/here’ | Not supported | |
| 38 | Path Traversal: ‘\absolute\pathname\here’ | Not supported | |
| 39 | Path Traversal: ‘C:dirname’ | Not supported | |
| 41 | Improper Resolution of Path Equivalence | Not supported | |
| 59 | Improper Link Resolution Before File Access (‘Link Following’) | Not supported | |
| 62 | UNIX Hard Link | Not supported | |
| 64 | Windows Shortcut Following (.LNK) | Not supported | |
| 65 | Windows Hard Link | Not supported | |
| 67 | Improper Handling of Windows Device Names | Not supported | |
| 77 | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) | Not supported | |
| 78 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | Assistance provided [2] | |
| 79 | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | Not supported | |
| 88 | Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) | Assistance provided [3] | |
| 89 | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | Not supported | |
| 94 | Improper Control of Generation of Code (‘Code Injection’) | Not supported | |
| 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Partially supported | 409 413 415 416 419 420 421 426 429 498 613 661 662 670 676 2662 |
| 120 | Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) | Partially supported | |
| 121 | Stack-based Buffer Overflow | Partially supported | |
| 122 | Heap-based Buffer Overflow | Partially supported | |
| 123 | Write-what-where Condition | Partially supported | |
| 124 | Buffer Underwrite (‘Buffer Underflow’) | Partially supported | |
| 125 | Out-of-bounds Read | Partially supported | |
| 126 | Buffer Over-read | Partially supported | |
| 127 | Buffer Under-read | Partially supported | |
| 128 | Wrap-around Error | Not supported | |
| 129 | Improper Validation of Array Index | Partially supported | |
| 130 | Improper Handling of Length Parameter Inconsistency | Not supported | |
| 131 | Incorrect Calculation of Buffer Size | Partially supported | |
| 134 | Use of Externally-Controlled Format String | Partially supported | 492 493 494 499 557 558 559 566 592 705 706 719 816 855 905 2401 2402 2403 2404 2405 2406 2407 |
| 135 | Incorrect Calculation of Multi-Byte String Length | Partially supported | |
| 170 | Improper Null Termination | Partially supported | |
| 176 | Improper Handling of Unicode Encoding | Partially supported | |
| 188 | Reliance on Data/Memory Layout | Not supported | |
| 190 | Integer Overflow or Wraparound | Partially supported | |
| 191 | Integer Underflow (Wrap or Wraparound) | Not supported | |
| 192 | Integer Coercion Error | Partially supported | |
| 193 | Off-by-one Error | Partially supported | |
| 194 | Unexpected Sign Extension | Not supported | |
| 195 | Signed to Unsigned Conversion Error | Partially supported | |
| 196 | Unsigned to Signed Conversion Error | Not supported | |
| 197 | Numeric Truncation Error | Partially supported | 501 502 569 570 573 574 586 701 702 732 734 735 736 737 915 922 9118 9227 |
| 200 | Exposure of Sensitive Information to an Unauthorized Actor | Not supported | |
| 226 | Sensitive Information in Resource Not Removed Before Reuse | Not supported | |
| 241 | Improper Handling of Unexpected Data Type | Not supported | |
| 242 | Use of Inherently Dangerous Function | Supported | |
| 243 | Creation of chroot Jail Without Changing Working Directory | Not supported | |
| 244 | Improper Clearing of Heap Memory Before Release (‘Heap Inspection’) | Not supported | |
| 248 | Uncaught Exception | Partially supported | |
| 252 | Unchecked Return Value | Partially supported | |
| 253 | Incorrect Check of Function Return Value | Partially supported | |
| 269 | Improper Privilege Management | Not supported | |
| 272 | Least Privilege Violation | Not supported | |
| 273 | Improper Check for Dropped Privileges | Not supported | |
| 276 | Incorrect Default Permissions | Not statically checkable | |
| 279 | Incorrect Execution-Assigned Permissions | Not supported | |
| 287 | Improper Authentication | Not statically checkable | |
| 295 | Improper Certificate Validation | Not supported | |
| 306 | Missing Authentication for Critical Function | Not supported | |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | Partially supported | |
| 330 | Use of Insufficiently Random Values | Partially supported | |
| 331 | Insufficient Entropy | Partially supported | |
| 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) | Partially supported | |
| 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Partially supported | |
| 352 | Cross-Site Request Forgery (CSRF) | Not statically checkable | |
| 362 | Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) | Partially supported | |
| 363 | Race Condition Enabling Link Following | Not supported | |
| 364 | Signal Handler Race Condition | Partially supported | |
| 366 | Race Condition within a Thread | Partially supported | |
| 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Not supported | |
| 369 | Divide By Zero | Partially supported | |
| 374 | Passing Mutable Objects to an Untrusted Method | Not supported | |
| 375 | Returning a Mutable Object to an Untrusted Caller | Not supported | |
| 377 | Insecure Temporary File | Assistance provided [4] | |
| 379 | Creation of Temporary File in Directory with Insecure Permissions | Not supported | |
| 391 | Unchecked Error Condition | Partially supported | |
| 396 | Declaration of Catch for Generic Exception | Partially supported | |
| 397 | Declaration of Throws for Generic Exception | Not supported | |
| 400 | Uncontrolled Resource Consumption | Not supported | |
| 401 | Missing Release of Memory after Effective Lifetime | Partially supported | |
| 403 | Exposure of File Descriptor to Unintended Control Sphere (‘File Descriptor Leak’) | Assistance provided [5] | |
| 404 | Improper Resource Shutdown or Release | Partially supported | |
| 415 | Double Free | Partially supported | |
| 416 | Use After Free | Partially supported | |
| 426 | Untrusted Search Path | Not supported | |
| 434 | Unrestricted Upload of File with Dangerous Type | Not supported | |
| 456 | Missing Initialization of a Variable | Partially supported | |
| 457 | Use of Uninitialized Variable | Supported | |
| 459 | Incomplete Cleanup | Partially supported | |
| 460 | Improper Cleanup on Thrown Exception | Not supported | |
| 462 | Duplicate Key in Associative List (Alist) | Assistance provided [6] | |
| 463 | Deletion of Data Structure Sentinel | Partially supported | |
| 464 | Addition of Data Structure Sentinel | Partially supported | |
| 466 | Return of Pointer Value Outside of Expected Range | Not supported | |
| 467 | Use of sizeof() on a Pointer Type | Partially supported | |
| 468 | Incorrect Pointer Scaling | Partially supported | |
| 469 | Use of Pointer Subtraction to Determine Size | Not supported | |
| 474 | Use of Function with Inconsistent Implementations | Not supported | |
| 476 | NULL Pointer Dereference | Partially supported | |
| 477 | Use of Obsolete Function | Assistance provided [7] | |
| 478 | Missing Default Case in Multiple Condition Expression | Supported | |
| 479 | Signal Handler Use of a Non-reentrant Function | Supported | |
| 480 | Use of Incorrect Operator | Partially supported | |
| 481 | Assigning instead of Comparing | Partially supported | |
| 482 | Comparing instead of Assigning | Partially supported | |
| 483 | Incorrect Block Delimitation | Partially supported | |
| 484 | Omitted Break Statement in Switch | Supported | |
| 493 | Critical Public Variable Without Final Modifier | Not statically checkable | |
| 495 | Private Data Structure Returned From A Public Method | Partially supported | |
| 496 | Public Data Assigned to Private Array-Typed Field | Not supported | |
| 498 | Cloneable Class Containing Sensitive Information | Not statically checkable | |
| 500 | Public Static Field Not Marked Final | Not supported | |
| 502 | Deserialization of Untrusted Data | Not supported | |
| 522 | Insufficiently Protected Credentials | Not supported | |
| 528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Not supported | |
| 543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | Not supported | |
| 544 | Missing Standardized Error Handling Mechanism | Not statically checkable | |
| 547 | Use of Hard-coded, Security-relevant Constants | Not supported | |
| 552 | Files or Directories Accessible to External Parties | Not supported | |
| 558 | Use of getlogin() in Multithreaded Application | Supported | |
| 560 | Use of umask() with chmod-style Argument | Not supported | |
| 561 | Dead Code | Supported | 438 474 505 506 522 523 527 528 529 563 612 681 714 715 719 749 750 751 752 753 754 755 756 757 758 768 769 774 827 838 1972 |
| 562 | Return of Stack Variable Address | Partially supported | |
| 563 | Assignment to Variable without Use | Supported | |
| 570 | Expression is Always False | Partially supported | |
| 571 | Expression is Always True | Partially supported | |
| 587 | Assignment of a Fixed Address to a Pointer | Partially supported | 4287 9010 |
| 590 | Free of Memory not on the Heap | Partially supported | |
| 591 | Sensitive Data Storage in Improperly Locked Memory | Not supported | |
| 597 | Use of Wrong Operator in String Comparison | Partially supported | |
| 606 | Unchecked Input for Loop Condition | Not supported | |
| 611 | Improper Restriction of XML External Entity Reference | Not supported | |
| 628 | Function Call with Incorrectly Specified Arguments | Partially supported | |
| 662 | Improper Synchronization | Partially supported | |
| 664 | Improper Control of a Resource Through its Lifetime | Partially supported | |
| 665 | Improper Initialization | Partially supported | |
| 666 | Operation on Resource in Wrong Phase of Lifetime | Partially supported | |
| 667 | Improper Locking | Partially supported | |
| 672 | Operation on a Resource after Expiration or Release | Partially supported | |
| 675 | Multiple Operations on Resource in Single-Operation Context | Not supported | |
| 676 | Use of Potentially Dangerous Function | Partially supported | |
| 680 | Integer Overflow to Buffer Overflow | Partially supported | |
| 681 | Incorrect Conversion between Numeric Types | Partially supported | |
| 682 | Incorrect Calculation | Partially supported | |
| 684 | Incorrect Provision of Specified Functionality | Not supported | |
| 685 | Function Call With Incorrect Number of Arguments | Partially supported | 118 119 492 493 494 499 557 558 559 566 705 706 719 746 816 855 2401 2402 2403 2404 2405 2406 2407 |
| 686 | Function Call With Incorrect Argument Type | Partially supported | 426 492 493 494 499 557 558 559 566 705 706 719 816 855 2401 2402 2403 2404 2405 2406 2407 2601 |
| 687 | Function Call With Incorrectly Specified Argument Value | Partially supported | |
| 688 | Function Call With Incorrect Variable or Reference as Argument | Not supported | |
| 689 | Permission Race Condition During Resource Copy | Not supported | |
| 690 | Unchecked Return Value to NULL Pointer Dereference | Partially supported | |
| 696 | Incorrect Behavior Order | Not supported | |
| 697 | Incorrect Comparison | Not supported | |
| 704 | Incorrect Type Conversion or Cast | Partially supported | |
| 705 | Incorrect Control Flow Scoping | Partially supported | |
| 732 | Incorrect Permission Assignment for Critical Resource | Not supported | |
| 733 | Compiler Optimization Removal or Modification of Security-critical Code | Not supported | |
| 754 | Improper Check for Unusual or Exceptional Conditions | Not supported | |
| 758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Partially supported | |
| 762 | Mismatched Memory Management Routines | Partially supported | |
| 766 | Critical Data Element Declared Public | Not supported | |
| 767 | Access to Critical Private Variable via Public Method | Supported | |
| 768 | Incorrect Short Circuit Evaluation | Supported | |
| 771 | Missing Reference to Active Allocated Resource | Partially supported | |
| 772 | Missing Release of Resource after Effective Lifetime | Partially supported | |
| 773 | Missing Reference to Active File Descriptor or Handle | Partially supported | |
| 775 | Missing Release of File Descriptor or Handle after Effective Lifetime | Partially supported | |
| 781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code | Not supported | |
| 782 | Exposed IOCTL with Insufficient Access Control | Not supported | |
| 783 | Operator Precedence Logic Error | Partially supported | |
| 785 | Use of Path Manipulation Function without Maximum-sized Buffer | Partially supported | |
| 786 | Access of Memory Location Before Start of Buffer | Supported | |
| 787 | Out-of-bounds Write | Supported | |
| 789 | Memory Allocation with Excessive Size Value | Partially supported | |
| 798 | Use of Hard-coded Credentials | Assistance provided [8] | |
| 805 | Buffer Access with Incorrect Length Value | Partially supported | |
| 806 | Buffer Access Using Size of Source Buffer | Not supported | |
| 825 | Expired Pointer Dereference | Partially supported | |
| 832 | Unlock of a Resource that is not Locked | Partially supported | |
| 833 | Deadlock | Partially supported | |
| 839 | Numeric Range Comparison Without Minimum Check | Partially supported | |
| 843 | Access of Resource Using Incompatible Type (‘Type Confusion’) | Partially supported | |
| 862 | Missing Authorization | Not statically checkable | |
| 863 | Incorrect Authorization | Not statically checkable | |
| 908 | Use of Uninitialized Resource | Supported | |
| 910 | Use of Expired File Descriptor | Partially supported | |
| 911 | Improper Update of Reference Count | Not supported | |
| 918 | Server-Side Request Forgery (SSRF) | Not supported | |
| 1325 | Improperly Controlled Sequential Memory Allocation | Not supported | |
| 1335 | Incorrect Bitwise Shift of Integer | Supported | |
| 1341 | Multiple Releases of Same Resource or Handle | Partially supported | |
[1] Reports usage of the ZeroMemory function
[2] Reports usage of the system function
[3] Reports usage of the system function
[4] Reports usage of the mktemp, tmpnam, tmpnam_r, and tmpnam_s functions
[5] Reports usage of the exec functions
[6] Reports usage of the std::multimap, std::multiset, std::unordered_multimap, and std::unordered_multiset classes
[7] Reports usage of the exec functions
[8] Reports when a literal is provided as an argument to a function parameter with the "noliteral" argument semantic; several Windows
API functions are marked as such, and the -sem option can apply it to other functions as appropriate