Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  

CWE-670: Always-Incorrect Control Flow Implementation

Weakness ID: 670
Abstraction: Class
Status: Draft
Presentation Filter:
+ Description

Description Summary

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

Extended Description

This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.

+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Modes of Introduction

This issue typically appears in rarely-tested code, since the "always-incorrect" nature will be detected as a bug during normal usage.

+ Common Consequences

Technical Impact: Other; Alter execution logic

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class691Insufficient Control Flow Management
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory977SFP Secondary Cluster: Design
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base480Use of Incorrect Operator
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant483Incorrect Block Delimitation
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base484Omitted Break Statement in Switch
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant617Reachable Assertion
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base698Execution After Redirect (EAR)
Research Concepts1000
ParentOfWeakness VariantWeakness Variant783Operator Precedence Logic Error
Research Concepts (primary)1000
+ Maintenance Notes

This node could possibly be split into lower-level nodes. "Early Return" is for returning control to the caller too soon (e.g., CWE-584). "Excess Return" is when control is returned too far up the call stack (CWE-600, CWE-395). "Improper control limitation" occurs when the product maintains control at a lower level of execution, when control should be returned "further" up the call stack (CWE-455). "Incorrect syntax" covers code that's "just plain wrong" such as CWE-484 and CWE-483.

+ Content History
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Other_Notes
2009-07-27CWE Content TeamMITREInternal
updated Maintenance_Notes, Modes_of_Introduction, Other_Notes, Relationships
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
2014-07-30CWE Content TeamMITREInternal
updated Relationships
2017-01-19CWE Content TeamMITREInternal
updated Relationships

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017