Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CWE-684: Incorrect Provision of Specified Functionality | Mondoo Vulnerability Intelligence

CWE-684

ClassDraft

View on MITRE

Incorrect Provision of Specified Functionality

The code does not function according to its published specifications, potentially leading to incorrect usage.

18 linked vulnerabilities

1 related weaknesses

Extended Description

When providing functionality to an external party, it is important that the product behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.

Implementation

Ensure that your code strictly conforms to specifications.

Other

Quality Degradation

Modes of Introduction

Implementation

Related Weaknesses

CWE-710ChildOf

Example CVEs (4)

CVE-2002-1446

Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages.

CVE-2001-1559

Chain: System call returns wrong value (CWE-393), leading to a resultant NULL dereference (CWE-476).

CVE-2003-0187

Program uses large timeouts on unconfirmed connections resulting from inconsistency in linked lists implementations.

CVE-1999-1446

UI inconsistency; visited URLs list not cleared when "Clear History" option is selected.

External Links

MITRE CWE Database