CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.11)

CWE-705: Incorrect Control Flow Scoping

Weakness ID: 705
Abstraction: Class
Status: Incomplete
+ Description

Description Summary

The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages: All

+ Common Consequences
| Scope | Effect |
|---|---|
| Other | Technical Impact: Alter execution logic; Other |

+ Observed Examples
| Reference | Description |
|---|---|
| | chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing man-in-the-middle attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint ('Man-in-the-Middle')). |
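
The control-flow defect described in the observed example above, reduced to a minimal C model. This is an added example, not code from CWE or from the affected product; `check_hash`, `check_signature`, `verify_weak` and `verify_fixed` are hypothetical names, and the inputs are constructed.

```c
#include <stdio.h>

/* Constructed stand-ins for the validation steps; 0 means success. */
static int check_hash(int hash_ok) { return hash_ok ? 0 : -1; }
static int check_signature(int sig_ok) { return sig_ok ? 0 : -1; }

/* Weak form: the second "goto fail" is not scoped by the if, so it always
 * runs. The signature check below it is dead code (CWE-561), and err still
 * holds 0 from the previous successful step, so success is returned
 * (CWE-393) without the signature ever being validated (CWE-295). */
int verify_weak(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0)
        goto fail;
        goto fail;                      /* unconditional: wrong scope */
    if ((err = check_signature(sig_ok)) != 0)
        goto fail;
fail:
    return err;
}

/* Corrected form: braces make each scope explicit, and the result fails
 * closed. Success is assigned only after every check has passed, so a
 * stray jump to the exit label can only report failure. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int err = -1;

    if (check_hash(hash_ok) != 0) {
        goto done;
    }
    if (check_signature(sig_ok) != 0) {
        goto done;
    }
    err = 0;                            /* reached only if all checks passed */
done:
    return err;
}

int main(void)
{
    /* Constructed input: valid hash, invalid signature. */
    printf("weak:  %d\n", verify_weak(1, 0));
    printf("fixed: %d\n", verify_fixed(1, 0));
    return 0;
}
```

Compilers that warn on misleading indentation or unreachable code flag the weak form, which makes those warnings a practical check for this weakness.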
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Weakness Class | 691 | Insufficient Control Flow Management | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ChildOf | Category | 744 | CERT C Secure Coding Section 10 - Environment (ENV) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
| ChildOf | Category | 746 | CERT C Secure Coding Section 12 - Error Handling (ERR) | Weaknesses Addressed by the CERT C Secure Coding Standard 734 |
| ChildOf | Category | 851 | CERT Java Secure Coding Section 06 - Exceptional Behavior (ERR) | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ChildOf | Category | 854 | CERT Java Secure Coding Section 09 - Thread APIs (THI) | Weaknesses Addressed by the CERT Java Secure Coding Standard 844 |
| ChildOf | Category | 878 | CERT C++ Secure Coding Section 10 - Environment (ENV) | Weaknesses Addressed by the CERT C++ Secure Coding Standard 868 |
| ChildOf | Category | 880 | CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR) | Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary) 868 |
| ChildOf | Category | 977 | SFP Secondary Cluster: Design | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 248 | Uncaught Exception | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 382 | J2EE Bad Practices: Use of System.exit() | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 396 | Declaration of Catch for Generic Exception | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 397 | Declaration of Throws for Generic Exception | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 455 | Non-exit on Failed Initialization | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 584 | Return Inside Finally Block | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 698 | Execution After Redirect (EAR) | Research Concepts (primary) 1000 |
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT C Secure Coding | ENV32-C | | All atexit handlers must return normally |
| CERT C Secure Coding | ERR04-C | | Choose an appropriate termination strategy |
| CERT Java Secure Coding | THI05-J | | Do not use Thread.stop() to terminate threads |
| CERT Java Secure Coding | ERR04-J | | Do not complete abruptly from a finally block |
| CERT Java Secure Coding | ERR05-J | | Do not let checked exceptions escape from a finally block |
| CERT C++ Secure Coding | ENV32-CPP | | All atexit handlers must return normally |
| CERT C++ Secure Coding | ERR04-CPP | | Choose an appropriate termination strategy |
+ Content History
Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2008-09-09 | | MITRE | Internal CWE Team |

Modifications

| Modification Date | Modifier | Organization | Source | Change |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | Cigital | External | updated Time_of_Introduction |
| 2008-11-24 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy_Mappings |
| 2011-03-29 | CWE Content Team | MITRE | Internal | updated Relationships |
| 2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-09-13 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy_Mappings |
| 2014-06-23 | CWE Content Team | MITRE | Internal | updated Observed_Examples |
| 2014-07-30 | CWE Content Team | MITRE | Internal | updated Relationships |
| 2017-01-19 | CWE Content Team | MITRE | Internal | updated Relationships |

Page Last Updated: May 05, 2017