CWE-684

Incorrect Provision of Specified Functionality

Class
Draft

Description

The code does not function according to its published specifications, potentially leading to incorrect usage.

When providing functionality to an external party, it is important that the product behaves in accordance with the details specified. When requirements or nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.

Common Consequences

Scope: Other

Impact: Quality Degradation

Potential Mitigations

Implementation

Ensure that your code strictly conforms to specifications.

Observed Examples

CVE-2002-1446

Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages.

CVE-2001-1559

Chain: System call returns wrong value (CWE-393), leading to a resultant NULL dereference (CWE-476).

CVE-2003-0187

Program uses large timeouts on unconfirmed connections resulting from inconsistency in linked lists implementations.

CVE-1999-1446

UI inconsistency; visited URLs list not cleared when "Clear History" option is selected.
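The pattern described for CVE-2002-1446 (a verification routine that reports "OK" for an invalid signature) can be caught with negative test vectors that check a routine against its documented return codes. The following is an added, constructed example, not code from the affected library: the function names, the toy tag routine and the sample message are hypothetical, and only the two `CKR_*` return codes come from the PKCS#11 specification.

```c
#include <stddef.h>
#include <string.h>
/* Return codes as defined by the PKCS#11 specification. */
#define CKR_OK                0x00000000UL
#define CKR_SIGNATURE_INVALID 0x000000C0UL
#define SIG_LEN 4  /* length of the constructed toy tag */
typedef unsigned long (*verify_fn)(const unsigned char *, size_t,
                                   const unsigned char *, size_t);

/* Constructed toy tag, NOT cryptography: stands in for the real primitive. */
static void toy_sign(const unsigned char *m, size_t n, unsigned char out[SIG_LEN]) {
    static const unsigned char seed[SIG_LEN] = {0x5a, 0xa5, 0x3c, 0xc3};
    memcpy(out, seed, SIG_LEN);
    for (size_t i = 0; i < n; i++) out[i % SIG_LEN] ^= (unsigned char)(m[i] + i);
}
static int sig_matches(const unsigned char *m, size_t n, const unsigned char *s, size_t sn) {
    unsigned char want[SIG_LEN];
    if (sn != SIG_LEN) return 0;
    toy_sign(m, n, want);
    return memcmp(want, s, SIG_LEN) == 0;
}

/* Nonconforming: the mismatch is detected but the status stays "OK". */
unsigned long verify_nonconforming(const unsigned char *m, size_t n,
                                   const unsigned char *s, size_t sn) {
    unsigned long rv = CKR_OK;
    if (!sig_matches(m, n, s, sn)) { /* detected, but rv is never updated */ }
    return rv;
}

/* Conforming: fails closed, CKR_OK only after a positive match. */
unsigned long verify_conforming(const unsigned char *m, size_t n,
                                const unsigned char *s, size_t sn) {
    return sig_matches(m, n, s, sn) ? CKR_OK : CKR_SIGNATURE_INVALID;
}

/* Negative-test harness: number of vectors where behaviour breaks the spec. */
int count_spec_violations(verify_fn verify) {
    unsigned char msg[] = "constructed sample message", sig[SIG_LEN];
    size_t n = sizeof msg - 1;
    int violations = 0;
    toy_sign(msg, n, sig);
    violations += verify(msg, n, sig, SIG_LEN) != CKR_OK;      /* valid tag   */
    violations += verify(msg, n, sig, SIG_LEN - 1) == CKR_OK;  /* truncated   */
    violations += verify(msg, n - 1, sig, SIG_LEN) == CKR_OK;  /* altered msg */
    sig[0] ^= 0x01;                                            /* flip a bit  */
    violations += verify(msg, n, sig, SIG_LEN) == CKR_OK;      /* forged tag  */
    return violations;
}
```

A test suite that only exercises the valid-tag vector would pass both implementations; the three negative vectors are what expose the deviation from the specified return value.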

Applicable Platforms

Not Language-Specific
