CWE-440 – Expected Behavior Violation

Description

A feature, API, or function does not perform according to its specification.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-684

Consequences

Other: Quality Degradation, Varies by Context

Potential Mitigations

CVE References

  • CVE-2003-0187
    • Program uses large timeouts on “undeserving” to compensate for inconsistency of support for linked lists.
  • CVE-2003-0465
    • “strncpy” in the Linux kernel acts differently from libc on x86, leading to an expected-behavior difference – sort of a multiple interpretation error?
  • CVE-2005-3265
    • Buffer overflow in product stems from the use of a third-party library function that is expected to have internal protection against overflows, but does not.
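
The two copy-related references above (the strncpy behavior difference and the library function assumed to guard against overflows) share one pattern: the caller expects a contract the function never promised. The following is an added illustration, not code from the CWE entry or from any of the listed CVEs, and the function names are hypothetical. It shows a caller that assumes `strncpy` always leaves a NUL terminator (libc's `strncpy` does so only when the source is shorter than the bound) next to a wrapper that enforces the contract the caller actually relies on and reports truncation explicitly.

```c
#include <stddef.h>
#include <string.h>

/* Size of the constructed destination buffer used by the demo helpers. */
enum { DEMO_BUF = 8 };

/* Caller's assumption: after strncpy(dst, src, n), dst is a C string.
 * libc's actual contract: strncpy writes a NUL only if strlen(src) < n.
 * Returns 1 if the copy left a terminator inside dst, 0 if it did not,
 * so the gap between expectation and specification is observable. */
int copy_assumes_terminated(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Defensive wrapper that enforces the expected behavior itself rather
 * than relying on the library: always NUL-terminates when n > 0 and
 * returns 1 on truncation, 0 on a full copy, -1 if n is zero. */
int bounded_copy(char *dst, size_t n, const char *src) {
    size_t len;
    if (n == 0)
        return -1;
    len = strlen(src);
    if (len >= n) {
        memcpy(dst, src, n - 1);
        dst[n - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Demo helper (hypothetical): naive copy into an 8-byte buffer.
 * Returns 1 if the result is NUL-terminated, 0 otherwise. */
int naive_copy_terminated(const char *src) {
    char buf[DEMO_BUF];
    return copy_assumes_terminated(buf, sizeof buf, src);
}

/* Demo helper (hypothetical): checked copy into an 8-byte buffer.
 * Returns the truncation flag from bounded_copy. */
int checked_copy_truncated(const char *src) {
    char buf[DEMO_BUF];
    return bounded_copy(buf, sizeof buf, src);
}

/* Demo helper (hypothetical): checked copy into an 8-byte buffer.
 * Returns the length of the resulting string, which is always
 * well-defined because bounded_copy guarantees a terminator. */
int checked_copy_len(const char *src) {
    char buf[DEMO_BUF];
    bounded_copy(buf, sizeof buf, src);
    return (int)strlen(buf);
}
```

With an 8-byte buffer, `naive_copy_terminated("short")` returns 1 but `naive_copy_terminated("exactly8")` returns 0: the naive caller's "it's a string now" assumption silently fails at the boundary, which is exactly the kind of mismatch that later surfaces as a read past the buffer. The wrapper turns the same input into a truncated, terminated result and a return value the caller can check.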