CWE
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.1)  

CWE-440: Expected Behavior Violation

 
Expected Behavior Violation
Weakness ID: 440 (Weakness Base)Status: Draft
+ Description

Description Summary

A feature, API, or function being used by a product behaves differently than the product expects.
+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Other

Technical Impact: Quality degradation; Varies by context

+ Observed Examples
ReferenceDescription
CVE-2003-0187Inconsistency in support of linked lists causes program to use large timeouts on "undeserving" connections.
CVE-2003-0465"strncpy" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error?
CVE-2005-3265Buffer overflow in product stems to the use of a third party library function that is expected to have internal protection against overflows, but doesn't.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory438Behavioral Problems
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base684Incorrect Provision of Specified Functionality
Research Concepts (primary)1000
+ Theoretical Notes

The consistency dimension of validity is the most appropriate relevant property of an expected behavior violation. That is, the behavior of the application is not consistent with the expectations of the developer, leading to a violation of the validity property of the software.

+ Relevant Properties
  • Validity
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERExpected behavior violation
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other_Notes, Taxonomy_Mappings
2009-10-29CWE Content TeamMITREInternal
updated Other_Notes, Relevant_Properties, Theoretical_Notes
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2011-06-27CWE Content TeamMITREInternal
updated Common_Consequences
Page Last Updated: September 12, 2011