Read Time:31 Second
Description
The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Other: Alter Execution Logic, Other
Potential Mitigations
CVE References
- CVE-2014-1266
- chain: incorrect “goto” in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple “goto fail” bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).