Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  

CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Weakness ID: 758
Abstraction: Class
Status: Incomplete
Presentation Filter:
+ Description

Description Summary

The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

Extended Description

This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.

+ Common Consequences

Technical Impact: Other

+ Observed Examples
Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class710Coding Standards Violation
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory1001SFP Secondary Cluster: Use of an Improper API
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base188Reliance on Data/Memory Layout
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base587Assignment of a Fixed Address to a Pointer
Research Concepts1000
ParentOfWeakness VariantWeakness Variant588Attempt to Access Child of a Non-structure Pointer
Research Concepts1000
ParentOfWeakness BaseWeakness Base733Compiler Optimization Removal or Modification of Security-critical Code
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CERT C Secure CodingMSC14-CDo not introduce unnecessary platform dependencies
CERT C Secure CodingMSC15-CDo not depend on undefined behavior
+ Content History
Submission DateSubmitterOrganizationSource
2009-03-03Internal CWE Team
Modification DateModifierOrganizationSource
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Relationships
2014-07-30CWE Content TeamMITREInternal
updated Relationships
2017-01-19CWE Content TeamMITREInternal
updated Relationships

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017