CWE-475 - Undefined Behavior for Input to API

Home/CWEs/CWE info/

CWE-475

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Undefined Behavior for Input to API

Description: The behavior of this function is undefined unless its control parameter is set to a specific value.

Common Consequences: Scope: Other
Impact: Quality Degradation, Varies by Context

Related Weaknesses: CWE-573Improper Following of Specification by Caller

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

CWE top 25 most dangerous software weaknesses

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Windows 11 KB5046740 update released with 14 changes and fixes

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs

Download: CIS Critical Security Controls v8.1

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Common Alerts

InformationalASP.NET ViewState Disclosure

MediumSpring Actuator Information Leak

MediumSource Code Disclosure - PHP

InformationalSec-Fetch-Mode Header Has an Invalid Value

InformationalHTTP Parameter Pollution

HighLog4Shell (CVE-2021-44228)

InformationalUser Agent Fuzzer

LowInformation Disclosure - Debug Error Messages via WebSocket

HighNoSQL Injection - MongoDB

LowCSP: Notices

Top CVE List

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

Top CWE List

CWE-328 Use of Weak Hash

CWE-15 External Control of System or Configuration Setting

CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session

CWE-1426 Improper Validation of Generative AI Output

MediumCWE-250 Execution with Unnecessary Privileges

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

MediumCWE-190 Integer Overflow or Wraparound

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-475 - Undefined Behavior for Input to API

The behavior of this function is undefined unless its control parameter is set to a specific value.