Base · Medium

CWE-474: Use of Function with Inconsistent Implementations

The code uses a function that has inconsistent implementations across operating systems and versions.

CWE-474 · Base Level · 1 Mitigation

Description

The use of inconsistent implementations can cause changes in behavior when the code is ported or built under a different environment than the programmer expects, which can lead to security problems in some cases. The implementation of many functions varies by platform, and at times, even by different versions of the same platform. Implementation differences can include:

Potential Impact

Other

Quality Degradation, Varies by Context

Mitigations & Prevention

Architecture and Design, Requirements

Do not accept inconsistent behavior from the API specifications when the deviant behavior increases the risk level.
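One way to apply this mitigation, as an added example that is not part of the CWE entry: the `snprintf` family is a well-known instance, since C99 implementations return the length that would have been written on truncation while some older or non-standard ones return a negative value or leave the buffer unterminated. The names `fmt_checked` and `build_path` and the sample path are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper (name chosen for this example): formats into dst and
 * reports truncation identically regardless of how the platform's
 * vsnprintf signals it.
 * Returns 0 on success, -1 on truncation, formatting error or bad arguments.
 * dst is always NUL-terminated when it is non-NULL and size > 0. */
int fmt_checked(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || size == 0 || fmt == NULL)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);

    /* Some implementations do not write the terminator when the output
     * fills the buffer, so terminate unconditionally. */
    dst[size - 1] = '\0';

    /* C99 behaviour: n >= size means the output was truncated.
     * Older or non-conforming behaviour: a negative n means truncation
     * or failure. Both are treated as the same error. */
    if (n < 0 || (size_t)n >= size) {
        dst[0] = '\0';  /* fail closed: never hand back a partial string */
        return -1;
    }
    return 0;
}

/* Constructed scenario: building a file path from an externally supplied
 * name, where a silently truncated result would name a different file. */
int build_path(char *out, size_t size, const char *name)
{
    return fmt_checked(out, size, "/srv/data/%s.cfg", name);
}
```

Callers check a single return convention and never see a partially formatted buffer, so the platform's variant behavior cannot reach the security decision.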

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Taxonomy Mappings

  • 7 Pernicious Kingdoms — Inconsistent Implementations
  • Software Fault Patterns: SFP3 — Use of an improper API

Frequently Asked Questions

What is CWE-474?

CWE-474 (Use of Function with Inconsistent Implementations) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The code uses a function that has inconsistent implementations across operating systems and versions.

How can CWE-474 be exploited?

Exploiting CWE-474 (Use of Function with Inconsistent Implementations) can lead to quality degradation; the impact varies by context. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-474?

Key mitigations include: Do not accept inconsistent behavior from the API specifications when the deviant behavior increases the risk level.

What is the severity of CWE-474?

CWE-474 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.