CWE-440
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Expected Behavior Violation
A feature, API, or function does not perform according to its specification.
Informacje ogólne
Sposoby wprowadzenia
Architecture and DesignImplementation
Operation
Odpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Technologie
Class: ICS/OT (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Other | Quality Degradation, Varies by Context |
Zaobserwowane przykłady
| Odniesienia | Opis |
|---|---|
CVE-2003-0187 | Program uses large timeouts on unconfirmed connections resulting from inconsistency in linked lists implementations. |
CVE-2003-0465 | "strncpy" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error? |
CVE-2005-3265 | Buffer overflow in product stems the use of a third party library function that is expected to have internal protection against overflows, but doesn't. |
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Notatki
The behavior of an application that is not consistent with the expectations of the developer may lead to incorrect use of the software.Odniesienia
REF-1384
The RISC-V Instruction Set Manual Volume II: Privileged Architecture page 28https://riscv.org/wp-content/uploads/2017/05/riscv-privileged-v1.10.pdf
REF-1385
csr_regfile.svhttps://github.com/HACK-EVENT/hackatdac21/blob/b9ecdf6068445d76d6bee692d163fededf7a9d9b/piton/design/chip/tile/ariane/src/csr_regfile.sv
REF-1386
Fix for csr_regfile.svhttps://github.com/HACK-EVENT/hackatdac21/blob/2341c625a28d2fb87d370e32c45b68bd711cc43b/piton/design/chip/tile/ariane/src/csr_regfile.sv#L519C4-L522C20
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Other_Notes, Relevant_Properties, Theoretical_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relevant_Properties | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description, Observed_Examples, Theoretical_Notes | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
