CWE-758 依赖未定义、未指明或实现定义的行为
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
结构: Simple
Abstraction: Class
状态: Incomplete
被利用可能性: unkown
基本描述
The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
扩展描述
This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.
相关缺陷
- cwe_Nature: ChildOf cwe_CWE_ID: 710 cwe_View_ID: 1000 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Other |
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT C Secure Coding | ARR32-C | CWE More Abstract | Ensure size arguments for variable length arrays are in a valid range |
| CERT C Secure Coding | ERR34-C | Imprecise | Detect errors when converting a string to a number |
| CERT C Secure Coding | EXP30-C | CWE More Abstract | Do not depend on the order of evaluation for side effects |
| CERT C Secure Coding | EXP33-C | CWE More Abstract | Do not read uninitialized memory |
| CERT C Secure Coding | FIO46-C | CWE More Abstract | Do not access a closed file |
| CERT C Secure Coding | INT34-C | CWE More Abstract | Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| CERT C Secure Coding | INT36-C | CWE More Abstract | Converting a pointer to integer or integer to pointer |
| CERT C Secure Coding | MEM30-C | CWE More Abstract | Do not access freed memory |
| CERT C Secure Coding | MSC14-C | Do not introduce unnecessary platform dependencies | |
| CERT C Secure Coding | MSC15-C | Do not depend on undefined behavior | |
| CERT C Secure Coding | MSC37-C | CWE More Abstract | Ensure that control never reaches the end of a non-void function |
文章来源于互联网:scap中文网
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论