CWE-440 预期行为违背

Expected Behavior Violation

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

A feature, API, or function being used by a product behaves differently than the product expects.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 684 cwe_View_ID: 1000 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Other ['Quality Degradation', 'Varies by Context']

分析过的案例

标识 说明 链接
CVE-2003-0187 Inconsistency in support of linked lists causes program to use large timeouts on "undeserving" connections. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0187
CVE-2003-0465 "strncpy" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0465
CVE-2005-3265 Buffer overflow in product stems to the use of a third party library function that is expected to have internal protection against overflows, but doesn't. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3265

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Expected behavior violation