CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to rules in the Exceptions and Error Handling (ERR) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.

Weaknesses

Detection of Error Condition Without Action

The software detects a specific error, but takes no actions to handle the error.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the...

Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

Improper Check for Unusual or Exceptional Conditions

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the so...

Improper Check or Handling of Exceptional Conditions

The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Incorrect Control Flow Scoping

The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

Missing Standardized Error Handling Mechanism

The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.

Unchecked Error Condition

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

Concepts

Deprecated or Obsolete

Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016.

See Also

  1. 12. Exceptions and Error Handling (ERR)

    CERT


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.