Description
The software contains dead code, which can never be executed.
Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Other: Quality Degradation
Dead code that can never be executed indicates problems in the source code that need to be fixed and is a sign of poor quality.
Other: Reduce Maintainability
Potential Mitigations
Phase: Implementation
Description:
Remove dead code before deploying the application.
Phase: Testing
Description:
Use a static analysis tool to spot dead code.
CVE References
- CVE-2014-1266
- chain: incorrect “goto” in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple “goto fail” bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
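The CWE-705 -> CWE-561 -> CWE-295 chain above can be reproduced in miniature. The following is an added example, not code from this CWE entry or from Apple: a simplified verifier with hypothetical check_a/check_b/check_c stand-ins, shown once with a duplicated unconditional goto that turns the final check into dead code and once with the brace style that keeps every check reachable.

```c
#include <stdio.h>

/* Hypothetical stand-ins for three sequential validation steps.
 * Each returns 0 on success and non-zero on failure (constructed for this example). */
static int check_a(int a) { return a ? 0 : 1; }
static int check_b(int b) { return b ? 0 : 1; }
static int check_c(int c) { return c ? 0 : 1; }

/* BEFORE: the duplicated "goto fail" is not governed by the if above it, so it is
 * always taken (CWE-705). check_c() below it is dead code (CWE-561): when a and b
 * pass, err is still 0 and the function reports success without validating c
 * (CWE-295 / CWE-393). A static analyser or clang's -Wunreachable-code flags the
 * unreachable statement, which is the "Testing" mitigation above. */
int verify_with_dead_code(int a, int b, int c)
{
    int err;
    if ((err = check_a(a)) != 0)
        goto fail;
    if ((err = check_b(b)) != 0)
        goto fail;
        goto fail;                 /* duplicated line: unconditional jump */
    if ((err = check_c(c)) != 0)   /* never executed */
        goto fail;
fail:
    return err;                    /* 0 means "valid" to the caller */
}

/* AFTER: braces bind each goto to its condition, so no check can be skipped. */
int verify_fixed(int a, int b, int c)
{
    int err;
    if ((err = check_a(a)) != 0) {
        goto fail;
    }
    if ((err = check_b(b)) != 0) {
        goto fail;
    }
    if ((err = check_c(c)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* Constructed input: a and b valid, c invalid; only the fixed version rejects it. */
    printf("dead-code version: %d\n", verify_with_dead_code(1, 1, 0)); /* 0: false success */
    printf("fixed version:     %d\n", verify_fixed(1, 1, 0));          /* 1: rejected */
    return 0;
}
```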