CWE-389 Individual Dictionary Definition (Draft 9)
| Category ID | 389 (Category) |
| --- | --- |
| Status | Incomplete |
| Description Summary | If a function in a product does not generate the correct return/status codes, or if the product does not handle all possible return/status codes that could be generated by a function, then security issues may result. This type of problem is most often found in conditions that are rarely encountered during the normal operation of the product. Presumably, most bugs related to common conditions are found and eliminated during development and testing. In some cases, the attacker can directly control or influence the environment to trigger the rare conditions. |
| Context Notes | This category is often primary to a variety of other weaknesses. |
| Research Gaps | Many researchers focus on the resultant weaknesses and do not necessarily diagnose whether a rare condition is the primary factor. However, since 2005 it seems to be reported more frequently than in the past. This subject needs more study. |
| Relationships | |
| Source Taxonomies | PLOVER - Error Conditions, Return Values, Status Codes |
| Applicable Platforms | All |
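
An added illustration of the Description Summary, not part of the CWE entry: a C reader that treats every non-error return from `read()` as success, beside one that handles each status `read()` can report. The helper names, the status enum and the 8-byte record size are assumptions, and the truncated input is constructed.

```c
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>

enum rd_status { RD_OK, RD_EOF, RD_ERR };   /* hypothetical status codes */

/* Weak form: any non-negative return from read() is reported as success,
 * so a short read or EOF (return value 0) looks like a full record. */
static enum rd_status read_record_weak(int fd, unsigned char *buf, size_t len)
{
    ssize_t n = read(fd, buf, len);
    return (n < 0) ? RD_ERR : RD_OK;
}

/* Hardened form: handles every outcome read() can report: -1 with EINTR
 * (retry), -1 otherwise (error), 0 (EOF before len bytes), short count. */
static enum rd_status read_record(int fd, unsigned char *buf, size_t len, size_t *got)
{
    *got = 0;
    while (*got < len) {
        ssize_t n = read(fd, buf + *got, len - *got);
        if (n < 0) {
            if (errno == EINTR)
                continue;            /* interrupted by a signal: retry */
            return RD_ERR;
        }
        if (n == 0)
            return RD_EOF;           /* writer closed early: incomplete */
        *got += (size_t)n;
    }
    return RD_OK;
}

/* Constructed scenario: the writer sends 4 bytes of an 8-byte record and
 * closes. Returns the status the chosen reader reports, -1 on setup failure. */
static int demo_truncated_record(int hardened)
{
    int p[2];
    unsigned char buf[8] = {0};
    size_t got = 0;
    if (pipe(p) != 0) return -1;
    if (write(p[1], "ABCD", 4) != 4) { close(p[0]); close(p[1]); return -1; }
    close(p[1]);
    int rc = hardened ? (int)read_record(p[0], buf, sizeof buf, &got)
                      : (int)read_record_weak(p[0], buf, sizeof buf);
    close(p[0]);
    return rc;
}

int main(void) { return demo_truncated_record(1) == RD_EOF ? 0 : 1; }
```

On the truncated record the weak reader reports `RD_OK` with only half the buffer filled, while the hardened reader reports `RD_EOF`.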