CWE-705

Incorrect Control Flow Scoping

Class

Incomplete

Description

The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

Parent Weaknesses (ChildOf)

CWE-691: Insufficient Control Flow Mana...

Common Consequences

Scope

Other

Impact

Alter Execution Logic, Other

CVE-2023-21087

Java code in a smartphone OS can encounter a "boot loop" due to an uncaught exception

CVE-2014-1266

Chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint). The code's whitespace indentation did not reflect the actual control flow (CWE-1114) and did not explicitly delimit the block (CWE-483), which could have made it more difficult for human code auditors to detect the vulnerability.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-705

Incorrect Control Flow Scoping

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms