CWE-684: Incorrect Provision of Specified Functionality

Class Draft Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

The code does not function according to its published specifications, potentially leading to incorrect usage.

Extended Description

When providing functionality to an external party, it is important that the product behaves in accordance with the details specified. When requirements or nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.

Common Consequences

Scope: Other

Technical Impact: Quality Degradation

Potential Mitigations

Phase: Implementation

Description: Ensure that your code strictly conforms to specifications.
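
Added example (not part of the CWE entry or of any product named on this page): a verification routine that detects a bad tag but still returns the "OK" status, next to a version that follows its published contract, plus a check that counts contract violations. The API, status names and toy checksum are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Published contract of the hypothetical verify API used in this example:
 *   ST_OK      tag matches the message;  ST_BAD_TAG  tag does not match;
 *   ST_BAD_ARG NULL pointer or wrong tag length. */
enum status { ST_OK = 0, ST_BAD_TAG = 1, ST_BAD_ARG = 2 };
#define TAG_LEN 4
typedef enum status (*verify_fn)(const uint8_t *, size_t, const uint8_t *, size_t);

/* Toy FNV-1a checksum standing in for a real signature primitive (assumption). */
static void toy_tag(const uint8_t *m, size_t n, uint8_t out[TAG_LEN]) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= m[i]; h *= 16777619u; }
    for (int i = 0; i < TAG_LEN; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* Nonconforming: the mismatch is detected, yet the status stays ST_OK. */
enum status verify_nonconforming(const uint8_t *m, size_t n, const uint8_t *tag, size_t len) {
    uint8_t want[TAG_LEN];
    enum status st = ST_OK;
    if (!m || !tag || len != TAG_LEN) return ST_BAD_ARG;
    toy_tag(m, n, want);
    if (memcmp(want, tag, TAG_LEN) != 0) { /* mismatch seen, st never updated */ }
    return st;
}

/* Conforming: every outcome maps to the documented status. */
enum status verify_conforming(const uint8_t *m, size_t n, const uint8_t *tag, size_t len) {
    uint8_t want[TAG_LEN], diff = 0;
    if (!m || !tag || len != TAG_LEN) return ST_BAD_ARG;
    toy_tag(m, n, want);
    for (int i = 0; i < TAG_LEN; i++) diff |= want[i] ^ tag[i];
    return diff == 0 ? ST_OK : ST_BAD_TAG;
}

/* Conformance check: one probe per documented outcome; returns violations. */
int contract_violations(verify_fn f) {
    const uint8_t msg[] = "pay 10";              /* constructed sample input */
    uint8_t good[TAG_LEN], bad[TAG_LEN];
    int v = 0;
    toy_tag(msg, sizeof msg - 1, good);
    memcpy(bad, good, TAG_LEN); bad[0] ^= 1;     /* flip one bit of the tag */
    v += f(msg, sizeof msg - 1, good, TAG_LEN) != ST_OK;
    v += f(msg, sizeof msg - 1, bad, TAG_LEN) != ST_BAD_TAG;
    v += f(msg, sizeof msg - 1, good, TAG_LEN - 1) != ST_BAD_ARG;
    v += f(NULL, 0, good, TAG_LEN) != ST_BAD_ARG;
    return v;
}
```

Running a check like this against each documented status in a test suite catches the deviation before a caller starts relying on the wrong return value.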

Observed Examples

Reference: CVE-2002-1446

Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages.

Reference: CVE-2001-1559

Chain: System call returns wrong value (CWE-393), leading to a resultant NULL dereference (CWE-476).

Reference: CVE-2003-0187

Program uses large timeouts on unconfirmed connections resulting from inconsistency in linked list implementations.

Reference: CVE-1999-1446

UI inconsistency; visited URLs list not cleared when "Clear History" option is selected.

Modes of Introduction

Phase Note
Implementation -

Taxonomy Mappings

Taxonomy Name | Entry ID | Entry Name | Mapping Fit
CERT C Secure Coding | PRE09-C | Do not replace secure functions with less secure functions | -

Key Information

CWE ID: CWE-684

Abstraction: Class

Structure: Simple

Status: Draft

Related Weaknesses