CWE-758 依赖未定义、未指明或实现定义的行为

  • A+
所属分类:CWE(弱点枚举)

CWE-758 依赖未定义、未指明或实现定义的行为

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

结构: Simple

Abstraction: Class

状态: Incomplete

被利用可能性: unkown

基本描述

The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

扩展描述

This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 710 cwe_View_ID: 1000 cwe_Ordinal: Primary

常见的影响

范围 影响 注释
Other Other

分析过的案例

标识 说明 链接

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CERT C Secure Coding ARR32-C CWE More Abstract Ensure size arguments for variable length arrays are in a valid range
CERT C Secure Coding ERR34-C Imprecise Detect errors when converting a string to a number
CERT C Secure Coding EXP30-C CWE More Abstract Do not depend on the order of evaluation for side effects
CERT C Secure Coding EXP33-C CWE More Abstract Do not read uninitialized memory
CERT C Secure Coding FIO46-C CWE More Abstract Do not access a closed file
CERT C Secure Coding INT34-C CWE More Abstract Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
CERT C Secure Coding INT36-C CWE More Abstract Converting a pointer to integer or integer to pointer
CERT C Secure Coding MEM30-C CWE More Abstract Do not access freed memory
CERT C Secure Coding MSC14-C Do not introduce unnecessary platform dependencies
CERT C Secure Coding MSC15-C Do not depend on undefined behavior
CERT C Secure Coding MSC37-C CWE More Abstract Ensure that control never reaches the end of a non-void function

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: