I am doing the mappings of several open source tools to CWE. I wanted to check my understanding of the CWEs around buffer overflows by creating a fault tree. I don't know if anyone else has created one of these, but I haven't seen one. From what I can tell, the basic fault tree is something like this:
Does the problem start before the buffer?
  yes, is it a read or write?
    read = 127
    write = 124
  no, 823 is the general category; is it index or function based?
    indexed, is it a read or write?
      write, is it heap or stack based?
        heap = 122
        stack = 121
      read = 787
    function based, did the function take a length param?
      yes = 805
      no, did it use the source buffer size rather than the destination's?
        yes = 806
        no = 120