Incorrect Control Flow Scoping

Incomplete Class
Structure: Simple
Description

This vulnerability occurs when a program fails to return execution to the correct point in the code after finishing a specific operation or handling an error. Instead of resuming normal flow, it may jump to an unintended location, leading to unpredictable behavior or security issues.

Extended Description

Incorrect control flow scoping is like a function not knowing where to go after it completes its job. Common causes include misusing return statements, incorrectly implementing callbacks, or improperly managing error handlers (like try/catch blocks). When the program's execution path doesn't correctly return to its calling context or a designated error-handling routine, it can leave the application in an inconsistent state, skip crucial security checks, or expose internal data. For developers, the main risk is that this flaw often creates subtle bugs that are hard to trace during testing but can be exploited in production. Attackers might manipulate error conditions or specific inputs to hijack the flawed control flow, potentially bypassing authentication, escalating privileges, or causing a crash. To prevent it, always ensure functions and error handlers have explicit, unambiguous return paths and that asynchronous callbacks correctly reintegrate into the main application logic.

Common Consequences 1
Scope: Other

Impact: Alter Execution Logic; Other

Demonstrative Examples 3

ID : DX-39

The following example attempts to resolve a hostname.

Code Example:

Bad
Java
A DNS lookup failure will cause the Servlet to throw an exception.

ID : DX-180

This code queries a server and displays its status when a request comes from an authorized IP address.

Code Example:

Bad
PHP

...*

This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (Improper Removal of Sensitive Information Before Storage or Transfer).

ID : DX-199

Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.

Code Example:

Bad
Java
Observed Examples 2
CVE-2023-21087: Java code in a smartphone OS can encounter a "boot loop" due to an uncaught exception
CVE-2014-1266: chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). Incorrect Control Flow Scoping -> Dead Code -> Improper Certificate Validation -> Return of Wrong Status Code -> Channel Accessible by Non-Endpoint.
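
The control-flow pattern behind the CVE-2014-1266 chain, shown as an added example that is neither Apple's code nor part of the original entry. The functions `hash_update`, `verify_signature`, `verify_flawed` and `verify_fixed` are constructed stand-ins chosen for illustration.

```c
#include <stdio.h>

/* Constructed stand-ins for real checks: 0 on success, nonzero on failure. */
static int hash_update(int ok)      { return ok ? 0 : -1; }
static int verify_signature(int ok) { return ok ? 0 : -2; }

/* Flawed: the second goto is not governed by the if above it, so the
 * signature check is dead code and err still holds 0 from hash_update(). */
int verify_flawed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_update(hash_ok)) != 0)
        goto fail;
    goto fail;                          /* always taken */
    if ((err = verify_signature(sig_ok)) != 0)
        goto fail;
fail:
    return err;                         /* 0 is read as "verified" */
}

/* Hardened: braces scope every branch, and the result is failure until
 * the one path that passed every check sets it to success. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int result = -1;                    /* fail closed */

    if (hash_update(hash_ok) != 0) {
        goto done;
    }
    if (verify_signature(sig_ok) != 0) {
        goto done;
    }
    result = 0;                         /* reached only after all checks */
done:
    return result;
}

int main(void)
{
    /* Constructed input: hash step succeeds, signature is invalid. */
    printf("flawed: %d\n", verify_flawed(1, 0));
    printf("fixed:  %d\n", verify_fixed(1, 0));
    return 0;
}
```

With the fail-closed default, a stray jump to `done` returns failure instead of a stale success code.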
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Taxonomy Mapping
  • CERT C Secure Coding
  • The CERT Oracle Secure Coding Standard for Java (2011)
  • SEI CERT Perl Coding Standard