CWE-758 依赖未定义、未指明或实现定义的行为
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
结构: Simple
Abstraction: Class
状态: Incomplete
被利用可能性: unkown
基本描述
The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
扩展描述
This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.
相关缺陷
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Other |
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT C Secure Coding | ARR32-C | CWE More Abstract | Ensure size arguments for variable length arrays are in a valid range |
| CERT C Secure Coding | ERR34-C | Imprecise | Detect errors when converting a string to a number |
| CERT C Secure Coding | EXP30-C | CWE More Abstract | Do not depend on the order of evaluation for side effects |
| CERT C Secure Coding | EXP33-C | CWE More Abstract | Do not read uninitialized memory |
| CERT C Secure Coding | FIO46-C | CWE More Abstract | Do not access a closed file |
| CERT C Secure Coding | INT34-C | CWE More Abstract | Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| CERT C Secure Coding | INT36-C | CWE More Abstract | Converting a pointer to integer or integer to pointer |
| CERT C Secure Coding | MEM30-C | CWE More Abstract | Do not access freed memory |
| CERT C Secure Coding | MSC14-C | Do not introduce unnecessary platform dependencies | |
| CERT C Secure Coding | MSC15-C | Do not depend on undefined behavior | |
| CERT C Secure Coding | MSC37-C | CWE More Abstract | Ensure that control never reaches the end of a non-void function |
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论