Tag Archives: or Implementation-Defined Behavior

CWE-758 – Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Read Time:31 Second

Description

The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.

Modes of Introduction:

Likelihood of Exploit:

 

Related Weaknesses

CWE-710

 

Consequences

Other: Other

 

Potential Mitigations

CVE References

 

  • CVE-2006-1902
    • Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.