CWE-440: Expected Behavior Violation
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
A feature, API, or function does not perform according to its specification.
常见后果
影响范围: Other
技术影响: Quality Degradation Varies by Context
观察示例
参考: CVE-2003-0187
Program uses large timeouts on unconfirmed connections resulting from inconsistency in linked lists implementations.
参考: CVE-2003-0465
"strncpy" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error?
参考: CVE-2005-3265
Buffer overflow in product stems the use of a third party library function that is expected to have internal protection against overflows, but doesn't.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| Operation | - |
适用平台
编程语言
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Expected behavior violation | - |