CWE-475(Undefined Behavior for Input to API)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The behavior of this function is undefined unless its control parameter is set to a specific value.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-42009 | 2026-05-18 | A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS pac… |
| CVE-2026-21690 | 2026-01-07 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 … |
| CVE-2025-47866 | 2025-06-17 | An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. |
| CVE-2025-47865 | 2025-06-17 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. |
| CVE-2024-10569 | 2025-03-20 | A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed … |
| CVE-2024-3099 | 2024-06-06 | A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authentica… |
| CVE-2024-20380 | 2024-04-18 | A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue i… |
| CVE-2023-52533 | 2024-04-08 | In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed |
| CVE-2023-4875 | 2023-09-09 | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 |
| CVE-2023-4874 | 2023-09-09 | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 |
| CVE-2023-2253 | 2023-06-06 | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows… |
| CVE-2022-29207 | 2022-05-20 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided t… |
| CVE-2020-7925 | 2020-11-23 | Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service.… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Other_Notes, Taxonomy_Mappings |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Relationships |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Weakness_Ordinalities |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References, Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |