Integer Overflow occurs when an arithmetic operation attempts to create a numeric value that exceeds the maximum limit of the data type used to store it. Similarly, Integer Wraparound happens when the numeric value “wraps around”, cycling back to the minimum limit.
Hard-coded credentials refer to embedding authentication information such as usernames, passwords, API keys, or cryptographic keys directly into the source code. Developers might do this for convenience, testing, or quick deployment. However, these credentials often remain in production, creating vulnerabilities.
In software development, a NULL pointer is a pointer variable that does not reference any valid memory location. Dereferencing such a pointer—attempting to access the memory it supposedly points to—results in undefined behaviour. In many systems, this leads to crashes, data corruption, or even exploitable vulnerabilities.
CWE-200 refers to a software flaw where sensitive information—such as personal data, proprietary business details, or system configurations—is unintentionally exposed to individuals or entities without proper authorisation. This weakness typically results from poor implementation of access controls, inadequate data masking, or flawed logic in data-handling processes.
Deserialisation refers to the process of converting serialised data (a compact format of an object or data structure) back into its original form. While this operation is indispensable in modern software, it becomes a vulnerability when the deserialised data originates from an untrusted source.
When untrusted data is deserialised without validation, attackers can exploit the process to execute arbitrary code, manipulate application logic, or inject malicious payloads. CWE-502 encapsulates this weakness, highlighting its potential to compromise data integrity, confidentiality, and availability.