CWE-913: Improper Control of Dynamically-Managed Code Resources
low-riskThe product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
Abstraction: Class
Common Consequences
Integrity
→
Execute Unauthorized Code or Commands
Other
→
Varies by Context
Detection Methods
Fuzzing
Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2020-15568 | 9.8 | 93.3% | — |
| CVE-2022-36067 | 10.0 | 84.8% | — |
| CVE-2022-36067 | 10.0 | 84.8% | — |
| CVE-2023-50386 | 8.8 | 84.7% | — |
| CVE-2025-68613 | 9.9 | 79.2% | Y |
| CVE-2025-68613 | 9.9 | 79.2% | Y |
| CVE-2023-43177 | 9.8 | 76.8% | — |
| CVE-2023-29017 | 10.0 | 75.4% | — |
| CVE-2024-5452 | 9.8 | 56.7% | — |
| CVE-2023-29199 | 9.8 | 25.1% | — |
22
/ 100
low-risk
Active Threat
21/50 · Moderate
Exploit Availability
1/50 · Minimal