BaseDraft

CWE-390Detection of Error Condition Without Action

Category: other

Description

The product detects a specific error, but takes no actions to handle the error.

Common consequences· 1

  • Integrity / Other — Varies by Context, Unexpected State, Alter Execution Logic
    An attacker could utilize an ignored error condition to place the system in an unexpected state that could lead to the execution of unintended logic and could cause other unintended behavior.

Potential mitigations· 3

  • [Implementation]Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
  • [Implementation]If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and cleanup the program.
  • [Testing]Subject the product to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing.

References

  1. https://cwe.mitre.org/data/definitions/390.html

(incoming)1

TypeTargetConfidenceTier
KEVEntryQualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerabilitykev-cve-2021-19060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Handling of Exceptional Conditions
CWE
Missing Standardized Error Handling Mechanism
CWE
Improper Check or Handling of Exceptional Conditions
CWE
Missing Report of Error Condition
CWE
Improper Check for Unusual or Exceptional Conditions
CWE
Insufficient Documentation of Error Handling Techniques
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.