Improper Following of Specification by Caller

Status: Draft
Abstraction: Class
Structure: Simple
Description

This weakness occurs when software fails to properly follow the documented rules, protocols, or requirements of an external component it uses, such as a library, API, framework, or platform.

Extended Description

When your code calls an external function, such as an API method, a library routine, or a system call, it must play by that component's rules. Ignoring required parameter formats, the expected sequence of operations, state assumptions, or error-handling protocols can cause the external component to behave in unexpected and insecure ways. This mismatch between expected and actual usage is the core of the weakness. For developers, this means carefully reading and adhering to the official specification, SDK documentation, or API contract of every external dependency. Assume that deviations, even ones that appear to work during testing, can introduce subtle bugs, stability problems, or security gaps that attackers might exploit to bypass controls, crash the system, or access unauthorized data.

Common Consequences

Scope: Other
Impact: Quality Degradation; Varies by Context

Observed Examples

CVE-2006-7140: Crypto implementation removes padding when it shouldn't, allowing forged signatures
CVE-2006-4339: Crypto implementation removes padding when it shouldn't, allowing forged signatures
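The two observed examples above are instances of the weakness described in the extended description: a verifier that strips padding and then ignores whatever follows, rather than checking the whole encoding the specification requires. The following added example (not from this page, CWE, or either affected project) contrasts a lenient verifier of a PKCS#1 v1.5 encoded message with one that follows RFC 8017 and compares the full encoding byte for byte; the malformed encoding it constructs is illustrative only, and the function and variable names are the author's own.

```python
import hashlib

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Build the full encoded message EM = 0x00 || 0x01 || PS || 0x00 || T per RFC 8017."""
    t = SHA256_DIGEST_INFO + hashlib.sha256(message).digest()
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def verify_strict(em: bytes, message: bytes) -> bool:
    """Follow the specification: recompute EM and compare every byte, padding included."""
    return len(em) > 0 and em == emsa_pkcs1_v15_encode(message, len(em))


def verify_lenient(em: bytes, message: bytes) -> bool:
    """Do NOT use: strips the padding, reads T, and ignores any trailing bytes (the weakness)."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA256_DIGEST_INFO + hashlib.sha256(message).digest()
    # Defect: checks only that T follows the padding; bytes after T are never examined,
    # and the padding length is never required to fill the block.
    return em[i + 1:].startswith(t)


def short_padding_em(message: bytes, em_len: int) -> bytes:
    """Constructed malformed encoding: minimal padding, correct T, then trailing filler."""
    t = SHA256_DIGEST_INFO + hashlib.sha256(message).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return head + b"\x00" * (em_len - len(head))


if __name__ == "__main__":
    msg = b"constructed sample message"
    good = emsa_pkcs1_v15_encode(msg, 128)
    bad = short_padding_em(msg, 128)
    print("strict/good:", verify_strict(good, msg))      # True
    print("lenient/bad:", verify_lenient(bad, msg))      # True (accepts malformed input)
    print("strict/bad: ", verify_strict(bad, msg))       # False (rejects it)
```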
Modes of Introduction
Implementation
Taxonomy Mapping
  • The CERT Oracle Secure Coding Standard for Java (2011)