CWE-475 - Undefined Behavior for Input to API
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Undefined Behavior for Input to API
Description
The behavior of this function is undefined unless its control parameter is set to a specific value.
Common Consequences
Scope: Other
Impact: Quality Degradation, Varies by Context
Related Weaknesses
New Windows 11 trick lets you bypass Microsoft Account requirement
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign
Apple fined €150 million over App Tracking Transparency issues
Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform
Google rolls out easy end-to-end encryption for Gmail business users
Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
HighSession Fixation
InformationalCORS Header
InformationalInformation Disclosure - Sensitive Information in HTTP Referrer Header