MISRA CWE Coverage

Overview

MISRA (Motor Industry Software Reliability Association) provides essential coding guidelines for safe, secure, and reliable software, especially in safety-critical embedded systems, extending beyond automotive to aerospace, medical, and industrial fields, ensuring developers use C/C++ with fewer errors, better portability, and higher maintainability through rules classified as mandatory, required, or advisory, with compliance managed through documentation and deviation processes.

This article organizes Common Weakness Enumerations (CWEs) relevant to MISRA.
Each row in the table below outlines a specific compliance standard, categorized by the following columns:

Compliance Standard: The specific category of the standard to which the CWE is mapped.
CWE-ID: The relevant CWE for this standard, along with a short description.

Misra C:2025

Compliance Standard	CWE-ID
1.5	CWE-676: Use of Potentially Dangerous Function
Dir 4.1	CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound)
Dir 4.14	CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-369: Divide By Zero CWE-606: Unchecked Input for Loop Condition CWE-789: Memory Allocation with Excessive Size Value
21.3	CWE-416: Use After Free
21.6	CWE-134: Use of Externally-Controlled Format String
21.17	CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write
21.18	CWE-121: Stack-based Buffer Overflow
21.21	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
22.2	CWE-415: Double Free

Misra C++:2023

Compliance Standard	CWE-ID
4.1.2	CWE-242: Use of Inherently Dangerous Function
7.0.5	CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound)
21.2.3	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
21.6.2	CWE-415: Double Free CWE-416: Use After Free
30.0.1	CWE-134: Use of Externally-Controlled Format String