CWE-705: Incorrect Control Flow Scoping
CWE Version: 4.18
Last Updated: 2025-09-09
Description
The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.
Common Consequences
Scope: Other
Technical Impact: Alter Execution Logic; Other
Observed Examples
Reference: CVE-2023-21087
Java code in a smartphone OS can encounter a "boot loop" due to an uncaught exception
Reference: CVE-2014-1266
chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
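The "goto fail" chain above is easiest to see in code. The following is an added example, not Apple's source and not part of the CWE entry: it models the verification routine with two constructed stand-ins (hash_update and verify_signature, driven by a hypothetical handshake_t struct) so it runs offline. The vulnerable version reproduces the defect pattern exactly: a duplicated, unconditional `goto fail;` makes the signature check dead code (CWE-561), and because `err` still holds the 0 from the last successful step, the function reports success (CWE-393) without ever validating the signature (CWE-295). The fixed version beside it uses braces so a stray line cannot change which statements the `if` guards.

```c
#include <stdio.h>

/* Constructed test fixture (not from the original code): each flag says
 * whether the corresponding verification step would succeed. */
typedef struct {
    int hash_ok;       /* do the hash-update steps succeed? */
    int signature_ok;  /* would the signature check pass? */
} handshake_t;

/* Stand-ins for the real hash/signature calls; 0 = success, nonzero = error. */
static int hash_update(const handshake_t *h)      { return h->hash_ok ? 0 : -1; }
static int verify_signature(const handshake_t *h) { return h->signature_ok ? 0 : -1; }

/* Vulnerable: mirrors the CVE-2014-1266 pattern. The second "goto fail" is
 * not guarded by the if, so it is always executed; verify_signature() is
 * unreachable and err is still 0 from the successful hash_update(). */
int verify_vulnerable(const handshake_t *h)
{
    int err;
    if ((err = hash_update(h)) != 0)
        goto fail;
    if ((err = hash_update(h)) != 0)
        goto fail;
        goto fail;               /* duplicated line: unconditional jump */
    if ((err = verify_signature(h)) != 0)   /* dead code */
        goto fail;
fail:
    return err;                  /* returns 0 even when the signature is bad */
}

/* Fixed: braces scope every jump to its condition, so the signature check
 * is always reached and a bad signature propagates as an error. */
int verify_fixed(const handshake_t *h)
{
    int err;
    if ((err = hash_update(h)) != 0) {
        goto fail;
    }
    if ((err = hash_update(h)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(h)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* Constructed input: hashing succeeds, but the signature is invalid
     * (what an attacker-controlled ServerKeyExchange would look like). */
    handshake_t forged = { 1, 0 };
    printf("vulnerable: %d (0 = accepted)\n", verify_vulnerable(&forged));
    printf("fixed:      %d (nonzero = rejected)\n", verify_fixed(&forged));
    return 0;
}
```

Compiling the vulnerable function with `-Wunreachable-code` (clang) flags the dead check; a unit test that feeds a forged handshake and asserts rejection would also have caught it, which is the practical lesson of the CWE-705 -> CWE-561 chain.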
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| CERT C Secure Coding | ENV32-C | All exit handlers must return normally | CWE More Abstract |
| CERT C Secure Coding | ERR04-C | Choose an appropriate termination strategy | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | THI05-J | Do not use Thread.stop() to terminate threads | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | ERR04-J | Do not complete abruptly from a finally block | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | ERR05-J | Do not let checked exceptions escape from a finally block | - |
| SEI CERT Perl Coding Standard | EXP31-PL | Do not suppress or ignore exceptions | Imprecise |