Comprehensive Categorization: Insufficient Control Flow Management

A product's hardware-based access control check occurs after the asset has been accessed.

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is n...

The code uses an operator for assignment when the intention was to perform a comparison.

The code uses an operator for comparison when the intention was to perform an assignment.

Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.

Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.

The wrong "handler" is assigned to process an object.

The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data fr...

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enf...

The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in ...

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.

The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs th...

The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step.

The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.

The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.

The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to a...

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

A J2EE application uses System.exit(), which also shuts down its container.

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

A handler is not available or implemented.

The product does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format e...

The product uses an expression in which operator precedence causes incorrect logic to be used.

The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled.

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe th...

The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded.

Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.

An exception is thrown from a function, but it is not caught.

The Servlet does not catch all exceptions, which may reveal sensitive debugging information.

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

During execution of non-reentrant code, the product performs a call that unintentionally produces a nested invocation of the non-reentrant code.

The product uses a non-blocking model that relies on a single threaded process for features such as scalability, but it contains code that can block when it is invo...

The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.

Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.

This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...