CWE一覧に戻る

CWE-391

チェックされていないエラー状態

Unchecked Error Condition

脆弱性作成中

日本語説明

JA

[非推奨予定。メンテナンスノートを参照し、cwe-252, cwe-248, または cwe-1069 を検討してください]。例外やその他のエラー条件を無視することは、攻撃者が気づかないうちに予期せぬ動作を引き起こすことを許すかもしれません。

原文 (English)

EN

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

関連する脆弱性

想定される影響

Scope: Integrity, Other / Impact: Varies by Context; Unexpected State; Alter Execution Logic

対策・緩和策

The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem.

A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added.

Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.

外部リンク

MITRE公式ページ — CWE-391