CWE

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

ID: 758		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Class

Description

The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

Extended Description

This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.

Applicable Platforms
None

Common Consequences

Scope	Technical Impact	Notes
Other	Other

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-758 ChildOf CWE-887	Category	CWE-888

Demonstrative Examples
None

Observed Examples

1. CVE-2006-1902 : Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
CERT C Secure Coding	MSC14-C	Do not introduce unnecessary platform dependencies
CERT C Secure Coding	MSC15-C	Do not depend on undefined behavior

References:
None