C/C++ Gen 2

Note: Gen 1 is the default C/C++ detection engine for existing customers. Please reach out to your Customer Success Manager at Mend.io to upgrade to Gen 2.

Mend SAST-supported C/C++ file types

| Source Files | Header Files |
| --- | --- |
| .c | .h |
| .cc | .hh |
| .cpp | .hxx |
| .cxx | .hpp |

Mend SAST-supported C/C++ frameworks

Framework / Ecosystem / Domain

LLVM / MinGW / C++ toolchain

C standard library (glibc / musl)

GLib / GObject / GNOME

Apache Portable Runtime (APR)

Asynchronous I/O / Event Loop (libuv / libevent)

SQLite

ODBC / unixODBC

MySQL

PostgreSQL

MongoDB

BSON

Talloc

cURL / libcurl

OpenSSL / TLS / Cryptography

Redis

Memory Allocation (mimalloc)

JSON (jansson)

Protocol Buffers (protobuf-c)

MessagePack (msgpack-c)

Linux System APIs

Compression / Archiving (zlib / libarchive)

C++ Formatting & Logging (fmtlib / spdlog)

Boost C++ Libraries

Qt Framework

Scripting / Embedding (Lua / CPython / Duktape)

XML Processing (libxml2 / Xerces)

Cassandra

OpenLDAP

SSH / Secure Shell (libssh / libssh2)

RabbitMQ / AMQP

AWS SDK for C / C++

Azure SDK (C / C++)

MQTT (Paho)

HTTP / Web (httplib)

Mend SAST-supported C/C++ vulnerability types

The C/C++ vulnerability types detected by SAST are listed below, grouped by severity and ordered by CWE ID within each severity.

C/C++ high-severity vulnerability types

| CWE | Vulnerability Type |
| --- | --- |
| CWE-22 | Path/Directory Traversal |
| CWE-78 | Command Injection |
| CWE-89 | SQL Injection |
| CWE-94 | Code Injection |
| CWE-121 | Buffer Overflow |
| CWE-134 | Uncontrolled Format String |
| CWE-190 | Integer Overflow |
| CWE-415 | Double Free |
| CWE-416 | Use After Free |
| CWE-787 | Out of Buffer Bounds Write |
| CWE-918 | Server Side Request Forgery (SSRF) |
| CWE-943 | No-SQL Injection |

C/C++ medium-severity vulnerability types

| CWE | Vulnerability Type |
| --- | --- |
| CWE-125 | Out of Buffer Bounds Read |
| CWE-191 | Integer Underflow |
| CWE-606 | Unchecked Input for Loop Condition |
| CWE-611 | XML External Entity (XXE) Injection |
| CWE-676 | Miscellaneous Dangerous Functions |
| CWE-798 | Hardcoded Password/Credentials |

C/C++ low-severity vulnerability types

| CWE | Vulnerability Type |
| --- | --- |
| CWE-242 | Use of Inherently Dangerous Function |
| CWE-369 | Divide By Zero |
| CWE-476 | NULL Pointer Dereference |
| CWE-789 | Uncontrolled Memory Allocation |
