Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Mondoo Vulnerability Intelligence

CWE-758

ClassIncomplete

View on MITRE

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

9 linked vulnerabilities

1 related weaknesses

Extended Description

This can lead to resultant weaknesses when the required properties change, such as when the product is ported to a different platform or if an interaction error (CWE-435) occurs.

OtherReduce MaintainabilityUnexpected StateQuality Degradation

FuzzingEffectiveness: High

Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.

Modes of Introduction

Implementation

Related Weaknesses

CWE-710ChildOf

Example CVEs (1)

CVE-2006-1902

Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.

External Links

MITRE CWE Database