CWE-544 – Missing Standardized Error Handling Mechanism

Read Time:44 Second

Description

The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.

If the application handles error messages individually, on a one-by-one basis, this is likely to result in inconsistent error handling. The causes of errors may be lost. Also, detailed information about the causes of an error may be unintentionally returned to the user.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-755

 

Consequences

Integrity, Other: Quality Degradation, Unexpected State, Varies by Context

 

Potential Mitigations

Phase: Architecture and Design

Description: 

define a strategy for handling errors of different severities, such as fatal errors versus basic log events. Use or create built-in language features, or an external package, that provides an easy-to-use API and define coding standards for the detection and handling of errors.

CVE References