CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.10)  
ID

CWE-474: Use of Function with Inconsistent Implementations

Weakness ID: 474
Abstraction: Base
Status: Draft
Presentation Filter:
+ Description

Description Summary

The code uses a function that has inconsistent implementations across operating systems and versions.

Extended Description

The use of inconsistent implementations can cause changes in behavior when the code is ported or built under a different environment than the programmer expects, which can lead to security problems in some cases.

The implementation of many functions varies by platform, and at times, even by different versions of the same platform. Implementation differences can include:

  • Slight differences in the way parameters are interpreted leading to inconsistent results.

  • Some implementations of the function carry significant security risks.

  • The function might not be defined on all platforms.

  • The function might change which return codes it can provide, or change the meaning of its return codes.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

C: (Often)

PHP: (Often)

Language-independent

+ Common Consequences
ScopeEffect
Other

Technical Impact: Quality degradation; Varies by context

+ Potential Mitigations

Phases: Architecture and Design; Requirements

Do not accept inconsistent behavior from the API specifications when the deviant behavior increase the risk level.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class398Indicator of Poor Code Quality
Development Concepts (primary)699
Seven Pernicious Kingdoms (primary)700
Research Concepts (primary)1000
ChildOfCategoryCategory1001SFP Secondary Cluster: Use of an Improper API
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant589Call to Non-ubiquitous API
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
7 Pernicious KingdomsInconsistent Implementations
Software Fault PatternsSFP3Use of an improper API
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
7 Pernicious KingdomsExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential_Mitigations, Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences, Other_Notes
2011-06-27CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Relationships
2012-10-30CWE Content TeamMITREInternal
updated Potential_Mitigations
2014-06-23CWE Content TeamMITREInternal
updated Applicable_Platforms, Description, Other_Notes
2014-07-30CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Inconsistent Implementations

More information is available — Please select a different filter.
Page Last Updated: January 18, 2017