Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Weakness ID: 758 (Weakness Class)Status: Incomplete
+ Description

Description Summary

The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

Extended Description

This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.

+ Observed Examples
ReferenceDescription
CVE-2006-1902Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class710Coding Standards Violation
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base188Reliance on Data/Memory Layout
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base587Assignment of a Fixed Address to a Pointer
Research Concepts1000
ParentOfWeakness VariantWeakness Variant588Attempt to Access Child of a Non-structure Pointer
Research Concepts1000
ParentOfWeakness BaseWeakness Base733Compiler Optimization Removal or Modification of Security-critical Code
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CERT C Secure CodingMSC14-CDo not introduce unnecessary platform dependencies
CERT C Secure CodingMSC15-CDo not depend on undefined behavior
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2009-03-03Internal CWE Team
Back to top