Improper Cleanup on Thrown Exception| ID: 460 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Variant |
Description
The product does not clean up its state or incorrectly cleans
up its state when an exception is thrown, leading to unexpected state or control
flow.
Likelihood of Exploit: Medium
Applicable PlatformsLanguage: CLanguage: C++Language: JavaLanguage: .NET
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Other | Varies by context | The code could be left in a bad state. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Implementation | | If one breaks from a loop or function by throwing an exception, make
sure that cleanup happens or that you should exit the program. Use
throwing exceptions sparsely. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-460 ChildOf CWE-889 | Category | CWE-888 | |
Demonstrative ExamplesNone
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CLASP | | Improper cleanup on thrown exception | |
| CERT Java Secure Coding | ERR03-J | Restore prior object state on method
failure | |
| CERT Java Secure Coding | ERR05-J | Do not let checked exceptions escape from a finally
block | |
| CERT C++ Secure Coding | ERR39-CPP | Guarantee exception safety | |
References:None
