Class weakness

Incomplete

CWE-913: Improper Control of Dynamically-Managed Code Resources

The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can directly influence these code resources in unexpected ways.

CWE-913: Improper Control of Dynamically-Managed Code Resources

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Code examples

Illustrative examples

Frequently asked questions

What is CWE-913?

What CVEs are caused by CWE-913?

How do you prevent CWE-913?

How is CWE-913 detected?

What are the consequences of CWE-913?

Is CWE-913 actively exploited?

References

Stay ahead of CWE-913

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-913?

What CVEs are caused by CWE-913?

How do you prevent CWE-913?

How is CWE-913 detected?

What are the consequences of CWE-913?

Is CWE-913 actively exploited?

References

Stay ahead of CWE-913