CWE-475 - Undefined Behavior for Input to API

Home/CWEs/CWE info/

CWE-475

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Undefined Behavior for Input to API

Description: The behavior of this function is undefined unless its control parameter is set to a specific value.

Common Consequences: Scope: Other
Impact: Quality Degradation, Varies by Context

Related Weaknesses: CWE-573Improper Following of Specification by Caller

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

Truist Bank confirms breach after stolen data shows up on hacking forum

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

Google patches actively exploited Android vulnerability (CVE-2024-43093)

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

Download: CIS Critical Security Controls v8.1

CISA proposes new security requirements to protect govt, personal data

Common Alerts

LowInsufficient Site Isolation Against Spectre Vulnerability

LowX-Backend-Server Header Information Leak

HighServer Side Template Injection (Blind)

InformationalStorable and Cacheable Content

LowSecure Pages Include Mixed Content

InformationalInformation Disclosure - Information in Browser localStorage

MediumHidden File Found

InformationalInformation Disclosure - Sensitive Information in HTTP Referrer Header

LowInformation Disclosure - Sensitive Information in Browser localStorage

InformationalUser Controllable JavaScript Event (XSS)

Latest CVE List

CVE-2024-5910 Palo Alto Expedition Missing Authentication Vulnerability

CVE-2024-43093 Android Framework Privilege Escalation Vulnerability

CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability

CVE-2019-16278 Nostromo nhttpd Directory Traversal Vulnerability

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

Top CWE List

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1426 Improper Validation of Generative AI Output

CWE-15 External Control of System or Configuration Setting

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-250 Execution with Unnecessary Privileges

CWE-290 Authentication Bypass by Spoofing

CWE-328 Use of Weak Hash

CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action

MediumCWE-353 Missing Support for Integrity Check

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-475 - Undefined Behavior for Input to API

The behavior of this function is undefined unless its control parameter is set to a specific value.