CWE-474: Use of Function with Inconsistent Implementations
Use of Function with Inconsistent Implementations
Weakness ID: 474 (Weakness Base)
Status: Draft
Description
Description Summary
The code uses a function that has inconsistent implementations across operating systems and versions, which might cause security-relevant portability problems.
Time of Introduction
Architecture and Design
Implementation
Applicable Platforms
Languages
C: (Often)
PHP: (Often)
All
Common Consequences
Scope
Effect
Other
Technical Impact: Quality degradation; Varies by context
Potential Mitigations
Do not accept inconsistent behavior from the API specifications when
the deviant behavior increase the risk level.
Other Notes
The behavior of functions in this category varies by operating system, and
at times, even by operating system version. Implementation differences can
include:
Slight differences in the way parameters are interpreted leading to
inconsistent results.
Some implementations of the function carry significant security
risks.
The function might not be defined on all platforms.