CWE-439: Behavioral Change in New Version or Environment
Also known as: Functional change
The behavior or functionality of a product A changes with a new version of A, or in a new environment, and the change is not known to (or manageable by) another product B.
Overview
CWE-439 (Behavioral Change in New Version or Environment) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-439 is exploited.
Quality Degradation, Varies by Context
Affects: Other
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2002-1976 — Linux kernel 2.2 and above allow promiscuous mode using a different method than previous versions, and ifconfig is not aware of the new method (alternate path property).
- CVE-2005-1711