CWE-440

Expected Behavior Violation

Base

Draft

Description

A feature, API, or function does not perform according to its specification.

Parent Weaknesses (ChildOf)

CWE-684: Incorrect Provision of Specifi...

Common Consequences

Scope

Other

Impact

Quality Degradation, Varies by Context

CVE-2003-0187

Program uses large timeouts on unconfirmed connections resulting from inconsistency in linked lists implementations.

CVE-2003-0465

"strncpy" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error?

CVE-2005-3265

Buffer overflow in product stems the use of a third party library function that is expected to have internal protection against overflows, but doesn't.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-440

Expected Behavior Violation

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms