CWE-391: Unchecked Error Condition

Description

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Example Vulnerable Codes

Example - 1

The following code excerpt ignores a rarely-thrown exception from doExchange().

doExchange();

// // this can never happen// 
try {}catch (RareException e) {}

If a RareException were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program's behavior.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-703: Improper Check or Handling of Exceptional Conditions

Go to

CWE-754: Improper Check for Unusual or Exceptional Conditions

Go to

Visit http://cwe.mitre.org/ for more details.