Description
The software contains dead code, which can never be executed.
Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Other: Quality Degradation
Dead code that results from code that can never be executed is an indication of problems with the source code that needs to be fixed and is an indication of poor quality.
Other: Reduce Maintainability
Potential Mitigations
Phase: Implementation
Description:
Remove dead code before deploying the application.
Phase: Testing
Description:
Use a static analysis tool to spot dead code.
CVE References
- CVE-2014-1266
- chain: incorrect “goto” in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple “goto fail” bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
More Stories
The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them
Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...
ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows
Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...
CWE-669 – Incorrect Resource Transfer Between Spheres
Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...
CWE-67 – Improper Handling of Windows Device Names
Description The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a...
CWE-670 – Always-Incorrect Control Flow Implementation
Description The code contains a control flow path that does not reflect the algorithm that the path is intended to...
CWE-671 – Lack of Administrator Control over Security
Description The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect...