Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Software vulnerabilities can result when a programmer fails to consider all possible data states.

Include Page
c:MSC01 NCCE if
c:MSC01 NCCE if
Include Page
c:MSC01 CS if
c:MSC01 CS if
Include Page
c:MSC01 NCCE switch
c:MSC01 NCCE switch
Include Page
c:MSC01 CS switch
c:MSC01 CS switch

Risk Assessment

Failing to take into account all possibilities within a logic statement can lead to a corrupted running state, possibly resulting in unintentional information disclosure or abnormal termination.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC01-A

2 (medium)

1 (unlikely)

2 (medium)

P4

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[Hatton 95|AA. C References#Hatton 95]\] Section 2.7.2, "Errors of omission and addition"
\[[Viega 05|AA. C References#Viega 05]\] Section 5.2.17, "Failure to account for default case in switch"