CWE-573

Improper Following of Specification by Caller

Class

What it is

The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

Impact

Other: Quality Degradation, Varies by Context

Real-world CVE examples

  • CVE-2006-7140 — Crypto implementation removes padding when it shouldn't, allowing forged signatures
  • CVE-2006-4339 — Crypto implementation removes padding when it shouldn't, allowing forged signatures
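The padding handling named in the CVE entries above can be illustrated at the encoded-block level, after the RSA public-key operation. This is an added example, not code from MITRE or from the affected products. It assumes SHA-256 and the EMSA-PKCS1-v1_5 layout from RFC 8017; the function names are hypothetical and the sample blocks are constructed.

```python
# Added illustration: function names are hypothetical, inputs are constructed.
import hashlib
import hmac

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Build the one valid encoded block: 00 01 FF..FF 00 DigestInfo."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def lenient_check(em: bytes, message: bytes) -> bool:
    """Out-of-spec caller: strips the padding, reads the digest, ignores the rest."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:   # no minimum padding length enforced
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    body = em[i + 1:]
    if not body.startswith(SHA256_PREFIX):
        return False
    digest = body[len(SHA256_PREFIX):len(SHA256_PREFIX) + 32]
    return digest == hashlib.sha256(message).digest()  # trailing bytes never checked

def strict_check(em: bytes, message: bytes) -> bool:
    """In-spec caller: re-encode and compare the whole block in constant time."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def sample_blocks(message: bytes, em_len: int = 256):
    """Constructed inputs: a well-formed block and one with short padding plus filler."""
    good = emsa_pkcs1_v15_encode(message, em_len)
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    malformed = head + b"\x00" * (em_len - len(head))
    return good, malformed

if __name__ == "__main__":
    good, bad = sample_blocks(b"example message")
    for name, em in (("well-formed", good), ("malformed", bad)):
        print(name, lenient_check(em, b"example message"), strict_check(em, b"example message"))
```

Re-encoding the expected block and comparing all of it leaves exactly one acceptable encoding per message and block length, so short padding and unchecked trailing bytes are both rejected.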

Source: MITRE CWE.