{"id":352392,"date":"2024-10-20T00:52:16","date_gmt":"2024-10-20T00:52:16","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bsi-pd-iso-iec-tr-247722013\/"},"modified":"2024-10-26T00:52:12","modified_gmt":"2024-10-26T00:52:12","slug":"bsi-pd-iso-iec-tr-247722013","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bsi-pd-iso-iec-tr-247722013\/","title":{"rendered":"BSI PD ISO\/IEC TR 24772:2013"},"content":{"rendered":"
PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
---|---|---|---|---|---|---|---|
17<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
18<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
19<\/td>\n | 1. Scope 2. Normative references 3. Terms and definitions, symbols and conventions 3.1 Terms and definitions 3.1.1 Communication <\/td>\n<\/tr>\n | ||||||
20<\/td>\n | 3.1.2 Execution model <\/td>\n<\/tr>\n | ||||||
22<\/td>\n | 3.1.3 Properties 3.1.4 Safety <\/td>\n<\/tr>\n | ||||||
23<\/td>\n | 3.1.5 Vulnerabilities 3.2 Symbols and conventions 3.2.1 Symbols 3.2.2 Conventions <\/td>\n<\/tr>\n | ||||||
24<\/td>\n | 4. Basic concepts 4.1 Purpose of this Technical Report 4.2 Intended audience <\/td>\n<\/tr>\n | ||||||
25<\/td>\n | 4.3 How to use this document <\/td>\n<\/tr>\n | ||||||
26<\/td>\n | 5 Vulnerability issues 5.1 Predictable execution <\/td>\n<\/tr>\n | ||||||
27<\/td>\n | 5.2 Sources of unpredictability in language specification 5.2.1 Incomplete or evolving specification <\/td>\n<\/tr>\n | ||||||
28<\/td>\n | 5.2.2 Undefined behaviour 5.2.3 Unspecified behaviour 5.2.4 Implementation-defined behaviour 5.2.5 Difficult features 5.2.6 Inadequate language support 5.3 Sources of unpredictability in language usage 5.3.1 Porting and interoperation <\/td>\n<\/tr>\n | ||||||
29<\/td>\n | 5.3.2 Compiler selection and usage 6. Programming Language Vulnerabilities 6.1 General 6.2 Terminology <\/td>\n<\/tr>\n | ||||||
30<\/td>\n | 6.3 Type System [IHN] 6.3.1 Description of application vulnerability 6.3.2 Cross reference 6.3.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
31<\/td>\n | 6.3.4 Applicable language characteristics 6.3.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
32<\/td>\n | 6.3.6 Implications for standardization 6.4 Bit Representations [STR] 6.4.1 Description of application vulnerability 6.4.2 Cross reference <\/td>\n<\/tr>\n | ||||||
33<\/td>\n | 6.4.3 Mechanism of failure 6.4.4 Applicable language characteristics 6.4.5 Avoiding the vulnerability or mitigating its effects 6.4.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
34<\/td>\n | 6.5 Floating-point Arithmetic [PLF] 6.5.1 Description of application vulnerability 6.5.2 Cross reference 6.5.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
35<\/td>\n | 6.5.4 Applicable language characteristics 6.5.5 Avoiding the vulnerability or mitigating its effects 6.5.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
36<\/td>\n | 6.6 Enumerator Issues [CCB] 6.6.1 Description of application vulnerability 6.6.2 Cross reference 6.6.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
37<\/td>\n | 6.6.4 Applicable language Characteristics 6.6.5 Avoiding the vulnerability or mitigating its effects 6.6.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
38<\/td>\n | 6.7 Numeric Conversion Errors [FLC] 6.7.1 Description of application vulnerability 6.7.2 Cross reference 6.7.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
39<\/td>\n | 6.7.4 Applicable language characteristics 6.7.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
40<\/td>\n | 6.7.6 Implications for standardization 6.8 String Termination [CJM] 6.8.1 Description of application vulnerability 6.8.2 Cross reference 6.8.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
41<\/td>\n | 6.8.4 Applicable language characteristics 6.8.5 Avoiding the vulnerability or mitigating its effects 6.8.6 Implications for standardization 6.9 Buffer Boundary Violation (Buffer Overflow) [HCB] 6.9.1 Description of application vulnerability 6.9.2 Cross reference <\/td>\n<\/tr>\n | ||||||
42<\/td>\n | 6.9.3 Mechanism of failure 6.9.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
43<\/td>\n | 6.9.5 Avoiding the vulnerability or mitigating its effects 6.9.6 Implications for standardization 6.10 Unchecked Array Indexing [XYZ] 6.10.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
44<\/td>\n | 6.10.2 Cross reference 6.10.3 Mechanism of failure 6.10.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
45<\/td>\n | 6.10.5 Avoiding the vulnerability or mitigating its effects 6.10.6 Implications for standardization 6.11 Unchecked Array Copying [XYW] 6.11.1 Description of application vulnerability 6.11.2 Cross reference 6.11.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
46<\/td>\n | 6.11.4 Applicable language characteristics 6.11.5 Avoiding the vulnerability or mitigating its effects 6.11.6 Implications for standardization 6.12 Pointer Casting and Pointer Type Changes [HFC] 6.12.1 Description of application vulnerability 6.12.2 Cross reference <\/td>\n<\/tr>\n | ||||||
47<\/td>\n | 6.12.3 Mechanism of failure 6.12.4 Applicable language characteristics 6.12.5 Avoiding the vulnerability or mitigating its effects 6.12.6 Implications for standardization 6.13 Pointer Arithmetic [RVG] 6.13.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
48<\/td>\n | 6.13.2 Cross reference 6.13.3 Mechanism of failure 6.13.4 Applicable language characteristics 6.13.5 Avoiding the vulnerability or mitigating its effects 6.13.6 Implications for standardization 6.14 Null Pointer Dereference [XYH] 6.14.1 Description of application vulnerability 6.14.2 Cross reference <\/td>\n<\/tr>\n | ||||||
49<\/td>\n | 6.14.3 Mechanism of failure 6.14.4 Applicable language characteristics 6.14.5 Avoiding the vulnerability or mitigating its effects 6.14.6 Implications for standardization 6.15 Dangling Reference to Heap [XYK] 6.15.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
50<\/td>\n | 6.15.2 Cross reference 6.15.3 Mechanism of failure 6.15.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
51<\/td>\n | 6.15.5 Avoiding the vulnerability or mitigating its effects 6.15.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
52<\/td>\n | 6.16 Arithmetic Wrap-around Error [FIF] 6.16.1 Description of application vulnerability 6.16.2 Cross reference 6.16.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
53<\/td>\n | 6.16.4 Applicable language characteristics 6.16.5 Avoiding the vulnerability or mitigating its effects 6.16.6 Implications for standardization 6.17 Using Shift Operations for Multiplication and Division [PIK] 6.17.1 Description of application vulnerability 6.17.2 Cross reference 6.17.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
54<\/td>\n | 6.17.4 Applicable language characteristics 6.17.5 Avoiding the vulnerability or mitigating its effects 6.17.6 Implications for standardization 6.18 Sign Extension Error [XZI] 6.18.1 Description of application vulnerability 6.18.2 Cross reference 6.18.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
55<\/td>\n | 6.18.4 Applicable language characteristics 6.18.5 Avoiding the vulnerability or mitigating its effects 6.18.6 Implications for standardization 6.19 Choice of Clear Names [NAI] 6.19.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
56<\/td>\n | 6.19.2 Cross reference 6.19.3 Mechanism of Failure 6.19.4 Applicable language characteristics 6.19.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
57<\/td>\n | 6.19.6 Implications for standardization 6.20 Dead Store [WXQ] 6.20.1 Description of application vulnerability 6.20.2 Cross reference 6.20.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
58<\/td>\n | 6.20.4 Applicable language characteristics 6.20.5 Avoiding the vulnerability or mitigating its effects 6.20.6 Implications for standardization 6.21 Unused Variable [YZS] 6.21.1 Description of application vulnerability 6.21.2 Cross reference <\/td>\n<\/tr>\n | ||||||
59<\/td>\n | 6.21.3 Mechanism of failure 6.21.4 Applicable language characteristics 6.21.5 Avoiding the vulnerability or mitigating its effects 6.21.6 Implications for standardization 6.22 Identifier Name Reuse [YOW] 6.22.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
60<\/td>\n | 6.22.2 Cross reference 6.22.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
61<\/td>\n | 6.22.4 Applicable language characteristics 6.22.5 Avoiding the vulnerability or mitigating its effects 6.22.6 Implications for standardization 6.23 Namespace Issues [BJL] 6.23.1 Description of Application Vulnerability <\/td>\n<\/tr>\n | ||||||
62<\/td>\n | 6.23.2 Cross references 6.23.3 Mechanism of Failure <\/td>\n<\/tr>\n | ||||||
63<\/td>\n | 6.23.4 Applicable Language Characteristics 6.23.5 Avoiding the Vulnerability or Mitigating its Effects 6.23.6 Implications for Standardization 6.24 Initialization of Variables [LAV] 6.24.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
64<\/td>\n | 6.24.2 Cross reference 6.24.3 Mechanism of failure 6.24.4 Applicable language characteristics 6.24.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
65<\/td>\n | 6.24.6 Implications for standardization 6.25 Operator Precedence\/Order of Evaluation [JCW] 6.25.1 Description of application vulnerability 6.25.2 Cross reference <\/td>\n<\/tr>\n | ||||||
66<\/td>\n | 6.25.3 Mechanism of failure 6.25.4 Applicable language characteristics 6.25.5 Avoiding the vulnerability or mitigating its effects 6.25.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
67<\/td>\n | 6.26 Side-effects and Order of Evaluation [SAM] 6.26.1 Description of application vulnerability 6.26.2 Cross reference 6.26.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
68<\/td>\n | 6.26.4 Applicable language characteristics 6.26.5 Avoiding the vulnerability or mitigating its effects 6.26.6 Implications for standardization 6.27 Likely Incorrect Expression [KOA] 6.27.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
69<\/td>\n | 6.27.2 Cross reference 6.27.3 Mechanism of failure 6.27.4 Applicable language characteristics 6.27.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
70<\/td>\n | 6.27.6 Implications for standardization 6.28 Dead and Deactivated Code [XYQ] 6.28.1 Description of application vulnerability 6.28.2 Cross reference <\/td>\n<\/tr>\n | ||||||
71<\/td>\n | 6.28.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
72<\/td>\n | 6.28.4 Applicable language characteristics 6.28.5 Avoiding the vulnerability or mitigating its effects 6.28.6 Implications for standardization 6.29 Switch Statements and Static Analysis [CLL] 6.29.1 Description of application vulnerability 6.29.2 Cross reference <\/td>\n<\/tr>\n | ||||||
73<\/td>\n | 6.29.3 Mechanism of failure 6.29.4 Applicable language characteristics 6.29.5 Avoiding the vulnerability or mitigating its effects 6.29.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
74<\/td>\n | 6.30 Demarcation of Control Flow [EOJ] 6.30.1 Description of application vulnerability 6.30.2 Cross reference 6.30.3 Mechanism of failure 6.30.4 Applicable language characteristics 6.30.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
75<\/td>\n | 6.30.6 Implications for standardization 6.31 Loop Control Variables [TEX] 6.31.1 Description of application vulnerability 6.31.2 Cross reference 6.31.3 Mechanism of failure 6.31.4 Applicable language characteristics 6.31.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
76<\/td>\n | 6.31.6 Implications for standardization 6.32 Off-by-one Error [XZH] 6.32.1 Description of application vulnerability 6.32.2 Cross reference 6.32.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
77<\/td>\n | 6.32.4 Applicable language characteristics 6.32.5 Avoiding the vulnerability or mitigating its effects 6.32.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
78<\/td>\n | 6.33 Structured Programming [EWD] 6.33.1 Description of application vulnerability 6.33.2 Cross reference 6.33.3 Mechanism of failure 6.33.4 Applicable language characteristics 6.33.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
79<\/td>\n | 6.33.6 Implications for standardization 6.34 Passing Parameters and Return Values [CSJ] 6.34.1 Description of application vulnerability 6.34.2 Cross reference 6.34.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
80<\/td>\n | 6.34.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
81<\/td>\n | 6.34.5 Avoiding the vulnerability or mitigating its effects 6.34.6 Implications for standardization 6.35 Dangling References to Stack Frames [DCM] 6.35.1 Description of application vulnerability 6.35.2 Cross reference <\/td>\n<\/tr>\n | ||||||
82<\/td>\n | 6.35.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
83<\/td>\n | 6.35.4 Applicable language characteristics 6.35.5 Avoiding the vulnerability or mitigating its effects 6.35.6 Implications for standardization 6.36 Subprogram Signature Mismatch [OTR] 6.36.1 Description of application vulnerability 6.36.2 Cross reference <\/td>\n<\/tr>\n | ||||||
84<\/td>\n | 6.36.3 Mechanism of failure 6.36.4 Applicable language characteristics 6.36.5 Avoiding the vulnerability or mitigating its effects 6.36.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
85<\/td>\n | 6.37 Recursion [GDL] 6.37.1 Description of application vulnerability 6.37.2 Cross reference 6.37.3 Mechanism of failure 6.37.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
86<\/td>\n | 6.37.5 Avoiding the vulnerability or mitigating its effects 6.37.6 Implications for standardization 6.38 Ignored Error Status and Unhandled Exceptions [OYB] 6.38.1 Description of application vulnerability 6.38.2 Cross reference 6.38.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
87<\/td>\n | 6.38.4 Applicable language characteristics 6.38.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
88<\/td>\n | 6.38.6 Implications for standardization 6.39 Termination Strategy [REU] 6.39.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
89<\/td>\n | 6.39.2 Cross reference 6.39.3 Mechanism of failure 6.39.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
90<\/td>\n | 6.39.5 Avoiding the vulnerability or mitigating its effects 6.39.6 Implications for standardization 6.40 Type-breaking Reinterpretation of Data [AMV] 6.40.1 Description of application vulnerability 6.40.2 Cross reference <\/td>\n<\/tr>\n | ||||||
91<\/td>\n | 6.40.3 Mechanism of failure 6.40.4 Applicable language characteristics 6.40.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
92<\/td>\n | 6.40.6 Implications for standardization 6.41 Memory Leak [XYL] 6.41.1 Description of application vulnerability 6.41.2 Cross reference 6.41.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
93<\/td>\n | 6.41.4 Applicable language characteristics 6.41.5 Avoiding the vulnerability or mitigating its effects 6.41.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
94<\/td>\n | 6.42 Templates and Generics [SYM] 6.42.1 Description of application vulnerability 6.42.2 Cross reference 6.42.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
95<\/td>\n | 6.42.4 Applicable language characteristics 6.42.5 Avoiding the vulnerability or mitigating its effects 6.42.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
96<\/td>\n | 6.43 Inheritance [RIP] 6.43.1 Description of application vulnerability 6.43.2 Cross reference 6.43.3 Mechanism of failure 6.43.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
97<\/td>\n | 6.43.5 Avoiding the vulnerability or mitigating its effects 6.43.6 Implications for standardization 6.44 Extra Intrinsics [LRM] 6.44.1 Description of application vulnerability 6.44.2 Cross reference 6.44.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
98<\/td>\n | 6.44.4 Applicable language characteristics 6.44.5 Avoiding the vulnerability or mitigating its effects 6.44.6 Implications for standardization 6.45 Argument Passing to Library Functions [TRJ] 6.45.1 Description of application vulnerability 6.45.2 Cross reference <\/td>\n<\/tr>\n | ||||||
99<\/td>\n | 6.45.3 Mechanism of failure 6.45.4 Applicable language characteristics 6.45.5 Avoiding the vulnerability or mitigating its effects 6.45.6 Implications for standardization 6.46 Inter-language Calling [DJS] 6.46.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
100<\/td>\n | 6.46.2 Cross reference 6.46.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
101<\/td>\n | 6.46.4 Applicable language characteristics 6.46.5 Avoiding the vulnerability or mitigating its effects Software developers can avoid the vulnerability or mitigate its ill effects in the following ways: \u2022 Use the inter-language methods and syntax specified by the applicable language standard(s). For example, Fortran and Ada specify how to call C functions. \u2022 Understand the calling conventions of all languages used. \u2022 For items comprising the inter-language interface: \u25e6 Understand the data layout of all data types used. \u25e6 Understand the return conventions of all languages used. \u25e6 Avoid assuming that the language makes a distinction between upper case and lower case letters in identifiers. \u25e6 Avoid using a special character as the first character in identifiers. \u25e6 Avoid using long identifier names. 6.46.6 Implications for standardization In future standardization activities, the following items should be considered: \u2022 Standards committees should consider developing standard provisions for inter-language calling with languages most often used with their programming language. 6.47 Dynamically-linked Code and Self-modifying Code [NYY] 6.47.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
102<\/td>\n | 6.47.2 Cross reference 6.47.3 Mechanism of failure 6.47.4 Applicable language characteristics 6.47.5 Avoiding the vulnerability or mitigating its effects 6.47.6 Implications for standardization 6.48 Library Signature [NSQ] 6.48.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
103<\/td>\n | 6.48.2 Cross reference 6.48.3 Mechanism of failure 6.48.4 Applicable language characteristics 6.48.5 Avoiding the vulnerability or mitigating its effects 6.48.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
104<\/td>\n | 6.49 Unanticipated Exceptions from Library Routines [HJW] 6.49.1 Description of application vulnerability 6.49.2 Cross reference 6.49.3 Mechanism of failure 6.49.4 Applicable language characteristics 6.49.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
105<\/td>\n | 6.49.6 Implications for standardization 6.50 Pre-processor Directives [NMP] 6.50.1 Description of application vulnerability 6.50.2 Cross reference 6.50.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
106<\/td>\n | 6.50.4 Applicable language characteristics 6.50.5 Avoiding the vulnerability or mitigating its effects 6.50.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
107<\/td>\n | 6.51 Suppression of Language-defined Run-time Checking [MXB] 6.51.1 Description of application vulnerability 6.51.2 Cross reference 6.51.3 Mechanism of Failure 6.51.4 Applicable language characteristics 6.51.5 Avoiding the vulnerability 6.51.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
108<\/td>\n | 6.52 Provision of Inherently Unsafe Operations [SKL] 6.52.1 Description of application vulnerability 6.52.2 Cross reference 6.52.3 Mechanism of Failure 6.52.4 Applicable language characteristics 6.52.5 Avoiding the vulnerability <\/td>\n<\/tr>\n | ||||||
109<\/td>\n | 6.53 Obscure Language Features [BRS] 6.53.1 Description of application vulnerability 6.53.2 Cross reference 6.53.3 Mechanism of failure 6.53.4 Applicable language characteristics 6.53.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
110<\/td>\n | 6.53.6 Implications for standardization 6.54 Unspecified Behaviour [BQF] 6.54.1 Description of application vulnerability 6.54.2 Cross reference 6.54.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
111<\/td>\n | 6.54.4 Applicable language characteristics 6.54.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
112<\/td>\n | 6.54.6 Implications for standardization 6.55 Undefined Behaviour [EWF] 6.55.1 Description of application vulnerability 6.55.2 Cross reference 6.55.3 Mechanism of failure 6.55.4 Applicable language characteristics 6.55.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
113<\/td>\n | 6.55.6 Implications for standardization 6.56 Implementation-defined Behaviour [FAB] 6.56.1 Description of application vulnerability 6.56.2 Cross reference 6.56.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
114<\/td>\n | 6.56.4 Applicable language characteristics 6.56.5 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
115<\/td>\n | 6.56.6 Implications for standardization 6.57 Deprecated Language Features [MEM] 6.57.1 Description of application vulnerability 6.57.2 Cross reference 6.57.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
116<\/td>\n | 6.57.4 Applicable language characteristics 6.57.5 Avoiding the vulnerability or mitigating its effects 6.57.6 Implications for standardization 7. Application Vulnerabilities 7.1 General <\/td>\n<\/tr>\n | ||||||
117<\/td>\n | 7.2 Terminology 7.3 Unspecified Functionality [BVQ] 7.3.1 Description of application vulnerability 7.3.2 Cross reference 7.3.3 Mechanism of failure 7.3.4 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
118<\/td>\n | 7.4 Distinguished Values in Data Types [KLK] 7.4.1 Description of application vulnerability 7.4.2 Cross reference 7.4.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
119<\/td>\n | 7.4.4 Avoiding the vulnerability or mitigating its effects 7.5 Adherence to Least Privilege [XYN] 7.5.1 Description of application vulnerability 7.5.2 Cross reference 7.5.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
120<\/td>\n | 7.5.4 Avoiding the vulnerability or mitigating its effects 7.6 Privilege Sandbox Issues [XYO] 7.6.1 Description of application vulnerability 7.6.2 Cross reference 7.6.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
121<\/td>\n | 7.6.4 Avoiding the vulnerability or mitigating its effects 7.7 Executing or Loading Untrusted Code [XYS] 7.7.1 Description of application vulnerability 7.7.2 Cross reference 7.7.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
122<\/td>\n | 7.7.4 Avoiding the vulnerability or mitigating its effects 7.7.5 Implications for standardization 7.8 Memory Locking [XZX] 7.8.1 Description of application vulnerability 7.8.2 Cross reference <\/td>\n<\/tr>\n | ||||||
123<\/td>\n | 7.8.3 Mechanism of failure 7.8.4 Avoiding the vulnerability or mitigating its effects 7.8.5 Implications for standardization 7.9 Resource Exhaustion [XZP] 7.9.1 Description of application vulnerability 7.9.2 Cross reference <\/td>\n<\/tr>\n | ||||||
124<\/td>\n | 7.9.3 Mechanism of failure 7.9.4 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
125<\/td>\n | 7.10 Unrestricted File Upload [CBF] 7.10.2 Cross reference 7.10.3 Mechanism of failure 7.10.4 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
126<\/td>\n | 7.10.5 Implications for standardization 7.11 Resource Names [HTS] 7.11.1 Description of application vulnerability 7.11.2 Cross reference <\/td>\n<\/tr>\n | ||||||
127<\/td>\n | 7.11.3 Mechanism of Failure 7.11.4 Avoiding the vulnerability or mitigating its effects 7.11.5 Implications for standardization 7.12 Injection [RST] 7.12.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
128<\/td>\n | 7.12.2 Cross reference <\/td>\n<\/tr>\n | ||||||
129<\/td>\n | 7.12.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
130<\/td>\n | 7.12.4 Avoiding the vulnerability or mitigating its effects 7.13 Cross-site Scripting [XYT] 7.13.1 Description of application vulnerability 7.13.2 Cross reference <\/td>\n<\/tr>\n | ||||||
131<\/td>\n | 7.13.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
132<\/td>\n | 7.13.4 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
133<\/td>\n | 7.14 Unquoted Search Path or Element [XZQ] 7.14.1 Description of application vulnerability 7.14.2 Cross reference 7.14.3 Mechanism of failure 7.14.4 Avoiding the vulnerability or mitigating its effects 7.15 Improperly Verified Signature [XZR] 7.15.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
134<\/td>\n | 7.15.2 Cross reference 7.15.3 Mechanism of failure 7.15.4 Avoiding the vulnerability or mitigating its effects 7.15.5 Implications for standardization 7.16 Discrepancy Information Leak [XZL] 7.16.1 Description of application vulnerability 7.16.2 Cross reference 7.16.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
135<\/td>\n | 7.16.4 Avoiding the vulnerability or mitigating its effects 7.17 Sensitive Information Uncleared Before Use [XZK] 7.17.1 Description of application vulnerability 7.17.2 Cross reference 7.17.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
136<\/td>\n | 7.17.4 Avoiding the vulnerability or mitigating its effects 7.18 Path Traversal [EWR] 7.18.1 Description of application vulnerability 7.18.2 Cross reference 7.18.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
137<\/td>\n | 7.18.4 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
138<\/td>\n | 7.19 Missing Required Cryptographic Step [XZS] 7.19.1 Description of application vulnerability 7.19.2 Cross reference 7.19.3 Mechanism of failure 7.19.4 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
139<\/td>\n | 7.20 Insufficiently Protected Credentials [XYM] 7.20.1 Description of application vulnerability 7.20.2 Cross reference 7.20.3 Mechanism of failure 7.20.4 Avoiding the vulnerability or mitigating its effects <\/td>\n<\/tr>\n | ||||||
140<\/td>\n | 7.21 Missing or Inconsistent Access Control [XZN] 7.21.1 Description of application vulnerability 7.21.2 Cross reference 7.21.3 Mechanism of failure 7.21.4 Avoiding the vulnerability or mitigating its effects 7.22 Authentication Logic Error [XZO] 7.22.1 Description of application vulnerability 7.22.2 Cross reference <\/td>\n<\/tr>\n | ||||||
141<\/td>\n | 7.22.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
142<\/td>\n | 7.22.4 Avoiding the vulnerability or mitigating its effects 7.23 Hard-coded Password [XYP] 7.23.1 Description of application vulnerability 7.23.2 Cross reference 7.23.3 Mechanism of failure <\/td>\n<\/tr>\n | ||||||
143<\/td>\n | 7.23.4 Avoiding the vulnerability or mitigating its effects 8. New Vulnerabilities 8.1 General 8.2 Terminology 8.3 Concurrency \u2013 Activation [CGA] 8.3.1 Description of application vulnerability <\/td>\n<\/tr>\n | ||||||
144<\/td>\n | 8.3.2 Cross References 8.3.3 Mechanism of Failure 8.3.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
145<\/td>\n | 8.3.5 Avoiding the vulnerability or mitigating its effects 8.3.6 Implications for standardization 8.4 Concurrency \u2013 Directed termination [CGT] 8.4.1 Description of application vulnerability 8.4.2 Cross references <\/td>\n<\/tr>\n | ||||||
146<\/td>\n | 8.4.3 Mechanism of failure 8.4.4 Applicable language characteristics 8.4.5 Avoiding the vulnerability or mitigating its effect 8.4.6 Implications for standardization <\/td>\n<\/tr>\n | ||||||
147<\/td>\n | 8.5 Concurrent Data Access [CGX] 8.5.1 Description of application vulnerability 8.5.2 Cross references 8.5.3 Mechanism of failure 8.5.4 Applicable language characteristics 8.5.5 Avoiding the vulnerability or mitigating its effect <\/td>\n<\/tr>\n | ||||||
148<\/td>\n | 8.5.6 Implications for standardization 8.6 Concurrency \u2013 Premature Termination [CGS] 8.6.1 Description of application vulnerability 8.6.2 Cross references <\/td>\n<\/tr>\n | ||||||
149<\/td>\n | 8.6.3 Mechanism of failure 8.6.4 Applicable language characteristics 8.6.5 Avoiding the vulnerability or mitigating its effect <\/td>\n<\/tr>\n | ||||||
150<\/td>\n | 8.6.6 Implications for standardization 8.7 Protocol Lock Errors [CGM] 8.7.1 Description of application vulnerability 8.7.2 Cross references <\/td>\n<\/tr>\n | ||||||
151<\/td>\n | 8.7.3 Mechanism of failure 8.7.4 Applicable language characteristics <\/td>\n<\/tr>\n | ||||||
152<\/td>\n | 8.7.5 Avoiding the vulnerability or mitigating its effect 8.7.6 Implications for standardization 8.8 Inadequately Secure Communication of Shared Resources [CGY] 8.8.1 Description of application vulnerability 8.8.2 Cross references <\/td>\n<\/tr>\n | ||||||
153<\/td>\n | 8.8.3 Mechanism of failure 8.8.4 Avoiding the vulnerability or mitigating its effect <\/td>\n<\/tr>\n | ||||||
154<\/td>\n | Annex A (informative) Vulnerability Taxonomy and List A.1 General A.2 Outline of Programming Language Vulnerabilities <\/td>\n<\/tr>\n | ||||||
156<\/td>\n | A.3 Outline of Application Vulnerabilities A.4 Vulnerability List <\/td>\n<\/tr>\n | ||||||
159<\/td>\n | Annex B (informative) Language Specific Vulnerability Template <\/td>\n<\/tr>\n | ||||||
161<\/td>\n | Annex C (informative) Vulnerability descriptions for the language Ada C.1 Identification of standards and associated documentation C.2 General terminology and concepts <\/td>\n<\/tr>\n | ||||||
167<\/td>\n | C.3 Type System [IHN] C.3.1 Applicability to language C.3.2 Guidance to language users C.4 Bit Representation [STR] C.4.1 Applicability to language C.4.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
168<\/td>\n | C.5 Floating-point Arithmetic [PLF] C.5.1 Applicability to language C.5.2 Guidance to language users C.6 Enumerator Issues [CCB] C.6.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
169<\/td>\n | C.6.2 Guidance to language users C.7 Numeric Conversion Errors [FLC] C.7.1 Applicability to language C.7.2 Guidance to language users C.8 String Termination [CJM] <\/td>\n<\/tr>\n | ||||||
170<\/td>\n | C.9 Buffer Boundary Violation (Buffer Overflow) [HCB] C.10 Unchecked Array Indexing [XYZ] C.10.1 Applicability to language C.10.2 Guidance to language users C.11 Unchecked Array Copying [XYW] C.12 Pointer Casting and Pointer Type Changes [HFC] C.12.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
171<\/td>\n | C.12.2 Guidance to language users C.13 Pointer Arithmetic [RVG] C.14 Null Pointer Dereference [XYH] C.15 Dangling Reference to Heap [XYK] C.15.1 Applicability to language C.15.2 Guidance to language users C.16 Arithmetic Wrap-around Error [FIF] <\/td>\n<\/tr>\n | ||||||
172<\/td>\n | C.17 Using Shift Operations for Multiplication and Division [PIK] C.18 Sign Extension Error [XZI] C.19 Choice of Clear Names [NAI] C.19.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
173<\/td>\n | C.19.2 Guidance to language users C.20 Dead store [WXQ] C.20.1 Applicability to language C.20.2 Guidance to Language Users C.21 Unused Variable [YZS] C.21.1 Applicability to language C.21.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
174<\/td>\n | C.22 Identifier Name Reuse [YOW] C.22.1 Applicability to language C.22.2 Guidance to language users C.23 Namespace Issues [BJL] C.24 Initialization of Variables [LAV] C.24.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
175<\/td>\n | C.24.2 Guidance to language users C.25 Operator Precedence\/Order of Evaluation [JCW] C.25.1 Applicability to language C.25.2 Guidance to language users C.26 Side-effects and Order of Evaluation [SAM] C.26.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
176<\/td>\n | C.26.2 Guidance to language users C.27 Likely Incorrect Expression [KOA] C.27.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
177<\/td>\n | C.27.2 Guidance to language users C.28 Dead and Deactivated Code [XYQ] C.28.1 Applicability to language C.28.2 Guidance to language users C.29 Switch Statements and Static Analysis [CLL] C.29.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
178<\/td>\n | C.29.2 Guidance to language users C.30 Demarcation of Control Flow [EOJ] C.31 Loop Control Variables [TEX] C.32 Off-by-one Error [XZH] C.32.1 Applicability to language Confusion between the need for < and and >= in a test. Confusion as to the index range of an algorithm. <\/td>\n<\/tr>\n | ||||||
179<\/td>\n | Failing to allow for storage of a sentinel value. C.32.2 Guidance to language users C.33 Structured Programming [EWD] C.33.1 Applicability to language C.33.2 Guidance to language users C.34 Passing Parameters and Return Values [CSJ] C.34.1 Applicability to language C.34.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
180<\/td>\n | C.35 Dangling References to Stack Frames [DCM] C.35.1 Applicability to language C.35.2 Guidance to language users C.36 Subprogram Signature Mismatch [OTR] C.36.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
181<\/td>\n | C.36.2 Guidance to language users C.37 Recursion [GDL] C.37.1 Applicability to language C.37.2 Guidance to language users C.38 Ignored Error Status and Unhandled Exceptions [OYB] C.38.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
182<\/td>\n | C.38.2 Guidance to language users C.39 Termination Strategy [REU] C.39.1 Applicability to language C.39.2 Guidance to language users C.40 Type-breaking Reinterpretation of Data [AMV] C.40.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
183<\/td>\n | C.40.2 Guidance to language users C.41 Memory Leak [XYL] C.41.1 Applicability to language C.41.2 Guidance to language users C.42 Templates and Generics [SYM] <\/td>\n<\/tr>\n | ||||||
184<\/td>\n | C.43 Inheritance [RIP] C.43.1 Applicability to language C.43.2 Guidance to language users C.44 Extra Intrinsics [LRM] C.45 Argument Passing to Library Functions [TRJ] C.45.1 Applicability to language C.45.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
185<\/td>\n | C.46 Inter-language Calling [DJS] C.46.1 Applicability to Language C.46.2 Guidance to Language Users C.47 Dynamically-linked Code and Self-modifying Code [NYY] C.48 Library Signature [NSQ] C.48.1 Applicability to language C.48.2 Guidance to language users C.49 Unanticipated Exceptions from Library Routines [HJW] C.49.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
186<\/td>\n | C.49.2 Guidance to language users C.50 Pre-Processor Directives [NMP] C.51 Suppression of Language-defined Run-time Checking [MXB] C.51.1 Applicability to Language C.51.2 Guidance to Language Users C.52 Provision of Inherently Unsafe Operations [SKL] C.52.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
187<\/td>\n | C.53 Obscure Language Features [BRS] C.53.1 Applicability to language C.53.2 Guidance to language users C.54 Unspecified Behaviour [BQF] C.54.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
188<\/td>\n | C.54.2 Guidance to language users C.55 Undefined Behaviour [EWF] C.55.1 Applicability to language C.55.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
189<\/td>\n | C.56 Implementation-Defined Behaviour [FAB] C.56.1 Applicability to language C.56.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
190<\/td>\n | C.57 Deprecated Language Features [MEM] C.57.1 Applicability to language C.57.2 Guidance to language users C.58 Implications for standardization <\/td>\n<\/tr>\n | ||||||
192<\/td>\n | Annex D (informative) Vulnerability descriptions for the language C D.1 Identification of standards and associated documents D.2 General terminology and concepts <\/td>\n<\/tr>\n | ||||||
195<\/td>\n | D.3 Type System [IHN] D.3.1 Applicability to language D.3.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
196<\/td>\n | D.4 Bit Representations [STR] D.4.1 Applicability to language D.4.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
197<\/td>\n | D.5 Floating-point Arithmetic [PLF] D.5.1 Applicability to language D.5.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
198<\/td>\n | D.6 Enumerator Issues [CCB] D.6.1 Applicability to language D.6.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
199<\/td>\n | D.7 Numeric Conversion Errors [FLC] D.7.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
200<\/td>\n | D.7.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
201<\/td>\n | D.8 String Termination [CJM] D.8.1 Applicability to language D.8.2 Guidance to language users D.9 Buffer Boundary Violation (Buffer Overflow) [HCB] D.9.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
202<\/td>\n | D.9.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
203<\/td>\n | D.10 Unchecked Array Indexing [XYZ] D.10.1 Applicability to language D.10.2 Guidance to language users D.11 Unchecked Array Copying [XYW] D.11.1 Applicability to language D.11.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
204<\/td>\n | D.12 Pointer Casting and Pointer Type Changes [HFC] D.12.1 Applicability to language D.12.2 Guidance to language users D.13 Pointer Arithmetic [RVG] D.13.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
205<\/td>\n | D.13.2 Guidance to language users D.14 Null Pointer Dereference [XYH] D.14.1 Applicability to language D.14.2 Guidance to language users D.15 Dangling Reference to Heap [XYK] D.15.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
207<\/td>\n | D.15.2 Guidance to language users D.16 Arithmetic Wrap-around Error [FIF] D.16.1 Applicability to language D.16.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
208<\/td>\n | D.17 Using Shift Operations for Multiplication and Division [PIK] D.17.1 Applicability to language D.17.2 Guidance to language users D.18 Sign Extension Error [XZI] D.19 Choice of Clear Names [NAI] D.19.1 Applicability to language D.19.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
209<\/td>\n | D.20 Dead Store [WXQ] D.20.1 Applicability to Language D.20.2 Guidance to Language Users D.21 Unused Variable [YZS] D.21.1 Applicability to language D.21.2 Guidance to language users D.22 Identifier Name Reuse [YOW] D.22.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
210<\/td>\n | D.22.2 Guidance to language users D.23 Namespace Issues [BJL] D.24 Initialization of Variables [LAV] D.24.1 Applicability to language D.24.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
211<\/td>\n | D.25 Operator Precedence\/Order of Evaluation [JCW] D.25.1 Applicability to language D.25.2 Guidance to language users D.26 Side-effects and Order of Evaluation [SAM] D.26.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
212<\/td>\n | D.26.2 Guidance to language users D.27 Likely Incorrect Expression [KOA] D.27.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
213<\/td>\n | D.27.2 Guidance to language users D.28 Dead and Deactivated Code [XYQ] D.28.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
214<\/td>\n | D.28.2 Guidance to language users D.29 Switch Statements and Static Analysis [CLL] D.29.1 Applicability to language D.29.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
215<\/td>\n | D.30 Demarcation of Control Flow [EOJ] D.30.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
216<\/td>\n | D.30.2 Guidance to language users D.31 Loop Control Variables [TEX] D.31.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
217<\/td>\n | D.31.2 Guidance to language users D.32 Off-by-one Error [XZH] D.32.1 Applicability to language D.32.2 Guidance to language users D.33 Structured Programming [EWD] D.33.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
218<\/td>\n | D.33.2 Guidance to language users D.34 Passing Parameters and Return Values [CSJ] D.34.1 Applicability to language D.34.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
219<\/td>\n | D.35 Dangling References to Stack Frames [DCM] D.35.1 Applicability to language D.35.2 Guidance to language users D.36 Subprogram Signature Mismatch [OTR] D.36.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
220<\/td>\n | D.36.2 Guidance to language users D.37 Recursion [GDL] D.37.1 Applicability to language D.37.2 Guidance to language users D.38 Ignored Error Status and Unhandled Exceptions [OYB] D.38.1 Applicability to language D.38.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
221<\/td>\n | D.39 Termination Strategy [REU] D.39.1 Applicability to language D.39.2 Guidance to language users D.40 Type-breaking Reinterpretation of Data [AMV] D.40.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
222<\/td>\n | D.40.2 Guidance to language users D.41 Memory Leak [XYL] D.41.1 Applicability to language D.41.2 Guidance to language users D.42 Templates and Generics [SYM] D.43 Inheritance [RIP] D.44 Extra Intrinsics [LRM] <\/td>\n<\/tr>\n | ||||||
223<\/td>\n | D.45 Argument Passing to Library Functions [TRJ] D.45.1 Applicability to language D.45.2 Guidance to language users D.46 Inter-language Calling [DJS] D.47 Dynamically-linked Code and Self-modifying Code [NYY] D.47.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
224<\/td>\n | D.47.2 Guidance to language users D.48 Library Signature [NSQ] D.48.1 Applicability to language D.48.2 Guidance to language users D.49 Unanticipated Exceptions from Library Routines [HJW] D.49.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
225<\/td>\n | D.49.2 Guidance to language users D.50 Pre-processor Directives [NMP] D.50.1 Applicability to language D.50.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
226<\/td>\n | D.51 Suppression of Language-defined Run-time Checking [MXB] D.52 Provision of Inherently Unsafe Operations [SKL] D.52.1 Applicability to language D.52.2 Guidance to language users D.53 Obscure Language Features [BRS] D.53.1 Applicability to language D.53.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
227<\/td>\n | D.54 Unspecified Behaviour [BQF] D.54.1 Applicability to language D.54.2 Guidance to language users D.55 Undefined Behaviour [EWF] D.55.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
228<\/td>\n | D.55.2 Guidance to language users D.56 Implementation-defined Behaviour [FAB] D.56.1 Applicability to language D.56.2 Guidance to language users D.57 Deprecated Language Features [MEM] D.57.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
229<\/td>\n | D.57.2 Guidance to language users D.58 Implications for standardization <\/td>\n<\/tr>\n | ||||||
232<\/td>\n | Annex E (informative) Vulnerability descriptions for the language Python E.1 Identification of standards and associated documents <\/td>\n<\/tr>\n | ||||||
233<\/td>\n | E.2 General Terminology and Concepts E.2.1 General Terminology <\/td>\n<\/tr>\n | ||||||
236<\/td>\n | E.2.2 Key Concepts <\/td>\n<\/tr>\n | ||||||
237<\/td>\n | E.3 Type System [IHN] E.3.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
239<\/td>\n | E.3.2 Guidance to language users E.4 Bit Representations [STR] E.4.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
240<\/td>\n | E.4.2 Guidance to language users E.5 Floating-point Arithmetic [PLF] E.5.1 Applicability to language E.5.2 Guidance to language users E.6 Enumerator Issues [CCB] E.6.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
241<\/td>\n | E.6.2 Guidance to language users E.7 Numeric Conversion Errors [FLC] E.7.1 Applicability to language E.7.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
242<\/td>\n | E.8 String Termination [CJM] E.9 Buffer Boundary Violation [HCB] E.10 Unchecked Array Indexing [XYZ] E.11 Unchecked Array Copying [XYW] E.12 Pointer Casting and Pointer Type Changes [HFC] E.13 Pointer Arithmetic [RVG] E.14 Null Pointer Dereference [XYH] E.15 Dangling Reference to Heap [XYK] <\/td>\n<\/tr>\n | ||||||
243<\/td>\n | E.16 Arithmetic Wrap-around Error [FIF] E.16.1 Applicability to language E.16.2 Guidance to language users E.17 Using Shift Operations for Multiplication and Division [PIK] E.17.1 Applicability to language E.18 Sign Extension Error [XZI] E.19 Choice of Clear Names [NAI] E.19.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
245<\/td>\n | E.19.2 Guidance to language users E.20 Dead Store [WXQ] E.20.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
246<\/td>\n | E.20.2 Guidance to language users E.21 Unused Variable [YZS] E.22 Identifier Name Reuse [YOW] E.22.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
248<\/td>\n | E.22.2 Guidance to language users E.23 Namespace Issues [BJL] E.23.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
250<\/td>\n | E.23.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
251<\/td>\n | E.24 Initialization of Variables [LAV] E.24.1 Applicability of language E.24.2 Guidance to language users E.25 Operator Precedence\/Order of Evaluation [JCW] E.25.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
252<\/td>\n | E.25.2 Guidance to language users E.26 Side-effects and Order of Evaluation [SAM] E.26.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
253<\/td>\n | E.26.2 Guidance to language users E.27 Likely Incorrect Expression [KOA] E.27.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
254<\/td>\n | E.27.2 Guidance to language users E.28 Dead and Deactivated Code [XYQ] E.28.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
255<\/td>\n | E.28.2 Guidance to language users E.29 Switch Statements and Static Analysis [CLL] E.29.1 Applicability to language E.29.2 Guidance to language users E.30 Demarcation of Control Flow [EOJ] E.30.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
256<\/td>\n | E.30.2 Guidance to language users E.31 Loop Control Variables [TEX] E.31.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
257<\/td>\n | E.31.2 Guidance to language users E.32 Off-by-one Error [XZH] E.32.1 Applicability to language E.32.2 Guidance to language users E.33 Structured Programming [EWD] E.33.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
258<\/td>\n | E.33.2 Guidance to language users E.34 Passing Parameters and Return Values [CSJ] E.34.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
259<\/td>\n | E.34.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
260<\/td>\n | E.35 Dangling References to Stack Frames [DCM] E.36 Subprogram Signature Mismatch [OTR] E.36.1 Applicability to language E.36.2 Guidance to language users E.37 Recursion [GDL] E.37.1 Applicability to language E.37.2 Guidance to language users E.38 Ignored Error Status and Unhandled Exceptions [OYB] E.38.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
261<\/td>\n | E.38.2 Guidance to language users E.39 Termination Strategy [REU] E.39.1 Applicability to language E.39.2 Guidance to language users E.40 Type-breaking Reinterpretation of Data [AMV] E.41 Memory Leak [XYL] E.41.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
262<\/td>\n | E.41.2 Guidance to language users E.42 Templates and Generics [SYM] E.43 Inheritance [RIP] E.43.1 Applicability to language E.43.2 Guidance to language users E.44 Extra Intrinsics [LRM] E.44.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
263<\/td>\n | E.44.2 Guidance to language users E.45 Argument Passing to Library Functions [TRJ] E.45.1 Applicability to language E.45.2 Guidance to language users E.46 Inter-language Calling [DJS] E.46.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
264<\/td>\n | E.46.2 Guidance to language users E.47 Dynamically-linked Code and Self-modifying Code [NYY] E.47.1 Applicability to language E.47.2 Guidance to language users E.48 Library Signature [NSQ] E.48.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
265<\/td>\n | E.48.2 Guidance to language users E.49 Unanticipated Exceptions from Library Routines [HJW] E.49.1 Applicability to language E.49.2 Guidance to language users E.50 Pre-processor Directives [NMP] E.51 Suppression of Language-defined Run-time Checking [MXB] E.52 Provision of Inherently Unsafe Operations [SKL] E.52.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
266<\/td>\n | E.52.2 Guidance to language users E.53 Obscure Language Features [BRS] E.53.1 Applicability of language <\/td>\n<\/tr>\n | ||||||
268<\/td>\n | E.53.2 Guidance to language users E.54 Unspecified Behaviour [BQF] E.54.1 Applicability of language <\/td>\n<\/tr>\n | ||||||
269<\/td>\n | E.54.2 Guidance to language users E.55 Undefined Behaviour [EWF] E.55.1 Applicability to language E.55.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
270<\/td>\n | E.56 Implementation\u2013defined Behaviour [FAB] E.56.1 Applicability to language E.56.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
271<\/td>\n | E.57 Deprecated Language Features [MEM] E.57.1 Applicability to language E.57.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
272<\/td>\n | Annex F (informative) Vulnerability descriptions for the language Ruby F.1 Identification of standards and associated documents F.2 General Terminology and Concepts <\/td>\n<\/tr>\n | ||||||
273<\/td>\n | F.3 Type System [IHN] F.3.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
274<\/td>\n | F.3.2 Guidance to language users F.4 Bit Representations [STR] F.4.1 Applicability to language F.4.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
275<\/td>\n | F.5 Floating-point Arithmetic [PLF] F.5.1 Applicability to language F.5.2 Guidance to language users F.6 Enumerator Issues [CCB] F.6.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
276<\/td>\n | F.6.2 Guidance to language users F.7 Numeric Conversion Errors [FLC] F.7.1 Applicability to language F.7.2 Guidance to language users F.8 String Termination [CJM] F.9 Buffer Boundary Violation (Buffer Overflow) [HCB] F.10 Unchecked Array Indexing [XYZ] F.11 Unchecked Array Copying [XYW] F.12 Pointer Casting and Pointer Type Changes [HFC] <\/td>\n<\/tr>\n | ||||||
277<\/td>\n | F.13 Pointer Arithmetic [RVG] F.14 Null Pointer Dereference [XYH] F.15 Dangling Reference to Heap [XYK] F.16 Arithmetic Wrap-around Error [FIF] F.17 Using Shift Operations for Multiplication and Division [PIK] F.18 Sign Extension Error [XZI] F.19 Choice of Clear Names [NAI] F.19.1 Applicability to language F.19.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
278<\/td>\n | F.20 Dead Store [WXQ] F.20.1 Applicability to language F.20.2 Guidance to language users F.21 Unused Variable [YZS] F.21.1 Applicability to language F.21.2 Guidance to language users F.22 Identifier Name Reuse [YOW] F.22.1 Applicability to language F.22.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
279<\/td>\n | F.23 Namespace Issues [BJL] F.23.1 Applicability to language F.23.2 Guidance to language users F.24 Initialization of Variables [LAV] F.25 Operator Precedence\/Order of Evaluation [JCW] F.25.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
280<\/td>\n | F.25.2 Guidance to language users F.26 Side-effects and Order of Evaluation [SAM] F.26.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
281<\/td>\n | F.26.2 Guidance to language users F.27 Likely Incorrect Expression [KOA] F.27.1 Applicability to language F.27.2 Guidance to language users F.28 Dead and Deactivated Code [XYQ] F.28.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
282<\/td>\n | F.28.2 Guidance to language users F.29 Switch Statements and Static Analysis [CLL] F.29.1 Applicability to language F.29.2 Guidance to language users F.30 Demarcation of Control Flow [EOJ] F.31 Loop Control Variables [TEX] F.31.1 Applicability to language F.31.2 Guidance to language users F.32 Off-by-one Error [XZH] F.32.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
283<\/td>\n | F.32.2 Guidance to language users F.33 Structured Programming [EWD] F.33.1 Applicability to language F.33.2 Guidance to language users F.34 Passing Parameters and Return Values [CSJ] F.34.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
284<\/td>\n | F.34.2 Guidance to language users F.35 Dangling References to Stack Frames [DCM] F.36 Subprogram Signature Mismatch [OTR] F.36.1 Applicability to language F.36.2 Guidance to language users <\/td>\n<\/tr>\n | ||||||
285<\/td>\n | F.37 Recursion [GDL] F.37.1 Applicability to language F.37.2 Guidance to language users F.38 Ignored Error Status and Unhandled Exceptions [OYB] F.38.1 Applicability to language F.38.2 Guidance to language users F.39 Termination Strategy [REU] F.39.1 Applicability to language F.39.2 Guidance to language users F.40 Type-breaking Reinterpretation of Data [AMV] F.41 Memory Leak [XYL] <\/td>\n<\/tr>\n | ||||||
286<\/td>\n | F.42 Templates and Generics [SYM] F.43 Inheritance [RIP] F.43.1 Applicability to language F.43.2 Guidance to language users F.44 Extra Intrinsics [LRM] F.45 Argument Passing to Library Functions [TRJ] F.45.1 Applicability to language F.45.2 Guidance to language users F.46 Inter-language Calling [DJS] F.46.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
287<\/td>\n | F.46.2 Guidance to language users F.47 Dynamically-linked Code and Self-modifying Code [NYY] F.47.1 Applicability to language F.47.2 Guidance to language users F.48 Library Signature [NSQ] F.48.1 Applicability to language F.48.2 Guidance to language users F.49 Unanticipated Exceptions from Library Routines [HJW] F.49.1 Applicability to language F.49.2 Guidance to language users F.50 Pre-processor Directives [NMP] <\/td>\n<\/tr>\n | ||||||
288<\/td>\n | F.51 Suppression of Language-defined Run-time Checking [MXB] F.52 Provision of Inherently Unsafe Operations [SKL] F.53 Obscure Language Features [BRS] F.54 Unspecified Behaviour [BQF] F.54.1 Applicability of language F.54.2 Guidance to language users F.55 Undefined Behaviour [EWF] F.55.1 Applicability to language <\/td>\n<\/tr>\n | ||||||
289<\/td>\n | F.55.2 Guidance to language users F.56 Implementation-defined Behaviour [FAB] F.56.1 Applicability to language F.56.2 Guidance to language users F.57 Deprecated Language Features [MEM] <\/td>\n<\/tr>\n | ||||||
290<\/td>\n | Annex G (informative) Vulnerability descriptions for the language SPARK G.1 Identification of standards and associated documentation G.2 General terminology and concepts <\/td>\n<\/tr>\n | ||||||
291<\/td>\n | G.3 Type System [IHN] <\/td>\n<\/tr>\n | ||||||
292<\/td>\n | G.4 Bit Representation [STR] G.5 Floating-point Arithmetic [PLF] G.6 Enumerator Issues [CCB] G.7 Numeric Conversion Errors [FLC] G.8 String Termination [CJM] G.9 Buffer Boundary Violation (Buffer Overflow) [HCB] G.10 Unchecked Array Indexing [XYZ] G.11 Unchecked Array Copying [XYW] <\/td>\n<\/tr>\n | ||||||
293<\/td>\n | G.12 Pointer Casting and Pointer Type Changes [HFC] G.13 Pointer Arithmetic [RVG] G.14 Null Pointer Dereference [XYH] G.15 Dangling Reference to Heap [XYK] G.16 Arithmetic Wrap-around Error [FIF] G.17 Using Shift Operations for Multiplication and Division [PIK] G.18 Sign Extension Error [XZI] G.19 Choice of Clear Names [NAI] G.20 Dead store [WXQ] <\/td>\n<\/tr>\n | ||||||
294<\/td>\n | G.21 Unused Variable [YZS] G.22 Identifier Name Reuse [YOW] G.23 Namespace Issues [BJL] G.24 Initialization of Variables [LAV] G.25 Operator Precedence\/Order of Evaluation [JCW] G.26 Side-effects and Order of Evaluation [SAM] G.27 Likely Incorrect Expression [KOA] G.28 Dead and Deactivated Code [XYQ] <\/td>\n<\/tr>\n | ||||||
295<\/td>\n | G.29 Switch Statements and Static Analysis [CLL] G.30 Demarcation of Control Flow [EOJ] G.31 Loop Control Variables [TEX] G.32 Off-by-one Error [XZH] G.33 Structured Programming [EWD] G.34 Passing Parameters and Return Values [CSJ] <\/td>\n<\/tr>\n | ||||||
296<\/td>\n | G.35 Dangling References to Stack Frames [DCM] G.36 Subprogram Signature Mismatch [OTR] G.37 Recursion [GDL] G.38 Ignored Error Status and Unhandled Exceptions [OYB] G.39 Termination Strategy [REU] <\/td>\n<\/tr>\n | ||||||
297<\/td>\n | G.40 Type-breaking Reinterpretation of Data [AMV] G.41 Memory Leak [XYL] G.42 Templates and Generics [SYM] G.43 Inheritance [RIP] G.44 Extra Intrinsics [LRM] G.45 Argument Passing to Library Functions [TRJ] G.46 Inter-language Calling [DJS] <\/td>\n<\/tr>\n | ||||||
298<\/td>\n | G.47 Dynamically-linked Code and Self-modifying Code [NYY] G.48 Library Signature [NSQ] G.49 Unanticipated Exceptions from Library Routines [HJW] G.50 Pre-Processor Directives [NMP] G.51 Suppression of Language-defined Run-time Checking [MXB] G.52 Provision of Inherently Unsafe Operations [SKL] G.53 Obscure Language Features [BRS] <\/td>\n<\/tr>\n | ||||||
299<\/td>\n | G.54 Unspecified Behaviour [BQF] G.55 Undefined Behaviour [EWF] G.56 Implementation-Defined Behaviour [FAB] G.57 Deprecated Language Features [MEM] G.58 Implications for standardization <\/td>\n<\/tr>\n | ||||||
300<\/td>\n | Annex H (informative) Vulnerability descriptions for the language PHP H.1 Identification of standards and associated documentation <\/td>\n<\/tr>\n | ||||||
301<\/td>\n | H.2 General Terminology and Concepts H.2.1 General Terminology H.2.2 Key Concepts <\/td>\n<\/tr>\n | ||||||
302<\/td>\n | H.3 Type System [IHN] H.3.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
303<\/td>\n | H.3.2 Guidance to Language Users H.4 Bit Representations [STR] H.4.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
304<\/td>\n | H.4.2 Guidance to Language Users H.5 Floating-point Arithmetic [PLF] H.5.1 Applicability to Language H.5.2 Guidance to Language Users H.6 Enumerator Issues [CCB] H.6.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
305<\/td>\n | H.6.2 Guidance to Language Users H.7 Numeric Conversion Errors [FLC] H.7.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
306<\/td>\n | H.7.2 Guidance to Language Users H.8 String Termination [CJM] H.8.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
307<\/td>\n | H.8.2 Guidance to Language Users H.9 Buffer Boundary Violation (Buffer Overflow) [HCB] H.10 Unchecked Array Indexing [XYZ] H.11 Unchecked Array Copying [XYW] H.12 Pointer Casting and Pointer Type Changes [HFC] H.13 Pointer Arithmetic [RVG] <\/td>\n<\/tr>\n | ||||||
308<\/td>\n | H.14 Null Pointer Dereference [XYH] H.15 Dangling Reference to Heap [XYK] H.16 Arithmetic Wrap-around Error [FIF] H.16.1 Applicability to Language H.16.2 Guidance to Language Users <\/td>\n<\/tr>\n | ||||||
309<\/td>\n | H.17 Using Shift Operations for Multiplication and Division [PIK] H.17.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
310<\/td>\n | H.17.2 Guidance to Language Users H.18 Sign Extension Error [XZI] H.19 Choice of Clear Names [NAI] H.19.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
311<\/td>\n | H.19.2 Guidance to Language Users H.20 Dead Store [WXQ] H.20.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
312<\/td>\n | H.20.2 Guidance to Language Users H.21 Unused Variable [YZS] H.22 Identifier Name Reuse [YOW] H.22.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
313<\/td>\n | H.22.2 Guidance to Language Users H.23 Namespace Issues [BJL] H.23.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
314<\/td>\n | H.23.2 Guidance to Language Users H.24 Initialization of Variables [LAV] H.24.1 Applicability of language H.24.2 Guidance to Language Users H.25 Operator Precedence\/Order of Evaluation [JCW] H.25.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
315<\/td>\n | H.25.2 Guidance to Language Users H.26 Side-effects and Order of Evaluation [SAM] H.26.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
316<\/td>\n | H.26.2 Guidance to Language Users H.27 Likely Incorrect Expression [KOA] H.27.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
317<\/td>\n | H.27.2 Guidance to Language Users H.28 Dead and Deactivated Code [XYQ] H.28.1 Applicability to Language H.28.2 Guidance to Language Users <\/td>\n<\/tr>\n | ||||||
318<\/td>\n | H.29 Switch Statements and Static Analysis [CLL] H.29.1 Applicability to Language H.29.2 Guidance to Language Users H.30 Demarcation of Control Flow [EOJ] H.30.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
319<\/td>\n | H.30.2 Guidance to Language Users H.31 Loop Control Variables [TEX] H.31.1 Applicability to Language H.31.2 Guidance to Language Users H.32 Off-by-one Error [XZH] H.32.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
320<\/td>\n | H.32.2 Guidance to Language Users H.33 Structured Programming [EWD] H.33.1 Applicability to Language H.33.2 Guidance to Language Users <\/td>\n<\/tr>\n | ||||||
321<\/td>\n | H.34 Passing Parameters and Return Values [CSJ] H.34.1 Applicability to Language H.34.2 Guidance to Language Users H.35 Dangling References to Stack Frames [DCM] H.36 Subprogram Signature Mismatch [OTR] H.36.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
322<\/td>\n | H.36.2 Guidance to Language Users H.37 Recursion [GDL] H.37.1 Applicability to Language H.37.2 Guidance to Language Users H.38 Ignored Error Status and Unhandled Exceptions [OYB] H.38.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
323<\/td>\n | H.38.2 Guidance to Language Users H.39 Termination Strategy [REU] H.39.1 Applicability to Language <\/td>\n<\/tr>\n | ||||||
324<\/td>\n | H.39.2 Guidance to Language Users H.40 Type-breaking Reinterpretation of Data [AMV] H.41 Memory Leak [XYL] H.41.1 Applicability to Language H.41.2 Guidance to Language Users H.42 Templates and Generics [SYM] <\/td>\n<\/tr>\n | ||||||
325<\/td>\n | H.43 Inheritance [RIP] H.43.1 Applicability to Language H.43.2 Guidance to Language Users H.44 Extra Intrinsics [LRM] H.45 Argument Passing to Library Functions [TRJ] H.45.1 Applicability to Language H.45.2 Guidance to language users H.46 Inter-language Calling [DJS] H.46.1 Applicability to Language H.46.2 Guidance to Language Users <\/td>\n<\/tr>\n | ||||||
326<\/td>\n | H.47 Dynamically-linked Code and Self-modifying Code [NYY] H.47.1 Applicability to Language H.47.2 Guidance to Language Users H.48 Library Signature [NSQ] H.48.1 Applicability to Language H.48.2 Guidance to Language Users H.49 Unanticipated Exceptions from Library Routines [HJW] H.49.1 Applicability to Language H.49.2 Guidance to Language Users <\/td>\n<\/tr>\n | ||||||
327<\/td>\n | H.50 Pre-processor Directives [NMP] H.51 Suppression of Run-time Checking [MXB] H.51.1 Applicability to Language H.51.2 Guidance to Language Users H.52 Provision of Inherently Unsafe Operations [SKL] H.52.1 Applicability of language H.52.2 Guidance to Language Users H.53 Obscure Language Features [BRS] H.53.1 Applicability of language <\/td>\n<\/tr>\n | ||||||
328<\/td>\n | H.53.2 Guidance to Language Users H.54 Unspecified Behaviour [BQF] H.54.1 Applicability of language <\/td>\n<\/tr>\n | ||||||
329<\/td>\n | H.54.2 Guidance to Language Users H.55 Undefined Behaviour [EWF] H.55.1 Applicability to Language H.55.2 Guidance to Language Users <\/td>\n<\/tr>\n | ||||||
330<\/td>\n | H.56 Implementation\u2013defined Behaviour [FAB] H.56.1 Applicability to Language H.56.2 Guidance to Language Users H.57 Deprecated Language Features [MEM] H.57.1 Applicability to Language H.57.2 Guidance to Language Users <\/td>\n<\/tr>\n | ||||||
331<\/td>\n | Bibliography <\/td>\n<\/tr>\n | ||||||
334<\/td>\n | Index <\/td>\n<\/tr>\n | ||||||
335<\/td>\n | Blank Page <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Information technology. Programming languages. Guidance to avoiding vulnerabilities in programming languages through language selection and use<\/b><\/p>\n |