CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)

The product detects a specific error, but takes no actions to handle the error.

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the und...

The product generates an error message that includes sensitive information about its environment, users, or associated data.

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the pro...

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

The product does not handle or incorrectly handles an exceptional condition.

The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

The product does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to in...

CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016. This view is no longer being ac...