"Memory Corruption Issues Lead 2021 CWE Top 25"
Memory corruption errors are still considered one of the most common and critical vulnerabilities in modern software. The MITRE-operated Homeland Security Systems Engineering and Development Institute places memory corruption errors at the top of the 25 most dangerous software weaknesses list. This placement is based on an analysis of Common Vulnerabilities and Exposures (CVE) data and severity scores given to each CVE. The MITRE Common Weakness Enumeration (CWE) team counted a total of over 3,000 identified security bugs associated with memory corruption issues in the National Vulnerability Database (NVD) within the past two years. The vulnerabilities received an average severity rating of 8.22 on a scale of 10, meaning most were ranged from serious to very critical. These errors can lead to system crashes, code execution, and data corruption. Cross-site scripting errors (Improper Neutralization of Input During Web Page Generation), which topped the list last year, were placed second in MITRE's new 2021 CWE Top 25 Most Dangerous Software Weaknesses list. Attackers could exploit cross-site scripting issues to steal session and cookie information, send malicious requests to a website, exploit browser vulnerabilities, and more. There were more vulnerabilities related to cross-site scripting in the NVD than the top-ranked memory corruption issue. However, these errors ranked lower in the list because they had a much lower average severity score. Other prevalent and severe software vulnerabilities include improper input validation errors and OS command injection. This article continues to discuss the issues included in MITRE's new 2021 CWE Top 25 Most Dangerous Software Weaknesses list.
Dark Reading reports "Memory Corruption Issues Lead 2021 CWE Top 25"