CWE-440
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Expected Behavior Violation
A feature, API, or function does not perform according to its specification.
Informations générales
Modes d'introduction
Architecture and DesignImplementation
Operation
Plateformes applicables
Langue
Class: Not Language-Specific (Undetermined)Technologies
Class: ICS/OT (Undetermined)Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Other | Quality Degradation, Varies by Context |
Exemples observés
| Références | Description |
|---|---|
CVE-2003-0187 | Program uses large timeouts on unconfirmed connections resulting from inconsistency in linked lists implementations. |
CVE-2003-0465 | "strncpy" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error? |
CVE-2005-3265 | Buffer overflow in product stems the use of a third party library function that is expected to have internal protection against overflows, but doesn't. |
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
NotesNotes
The behavior of an application that is not consistent with the expectations of the developer may lead to incorrect use of the software.Références
REF-1384
The RISC-V Instruction Set Manual Volume II: Privileged Architecture page 28https://riscv.org/wp-content/uploads/2017/05/riscv-privileged-v1.10.pdf
REF-1385
csr_regfile.svhttps://github.com/HACK-EVENT/hackatdac21/blob/b9ecdf6068445d76d6bee692d163fededf7a9d9b/piton/design/chip/tile/ariane/src/csr_regfile.sv
REF-1386
Fix for csr_regfile.svhttps://github.com/HACK-EVENT/hackatdac21/blob/2341c625a28d2fb87d370e32c45b68bd711cc43b/piton/design/chip/tile/ariane/src/csr_regfile.sv#L519C4-L522C20
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Other_Notes, Relevant_Properties, Theoretical_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relevant_Properties | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description, Observed_Examples, Theoretical_Notes | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.