Class weakness

Draft

CWE-684: Incorrect Provision of Specified Functionality

The code does not function according to its published specifications, potentially leading to incorrect usage.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

When providing functionality to an external party, it is important that the product behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.

CWE-684: Incorrect Provision of Specified Functionality

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-684?

What CVEs are caused by CWE-684?

How do you prevent CWE-684?

What are the consequences of CWE-684?

Is CWE-684 actively exploited?

References

Stay ahead of CWE-684

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-684?

What CVEs are caused by CWE-684?

How do you prevent CWE-684?

What are the consequences of CWE-684?

Is CWE-684 actively exploited?

References

Stay ahead of CWE-684