CWE-483 - Incorrect Block Delimitation
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-10-26
Weakness Name
Incorrect Block Delimitation
Description
The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.
In some languages, braces (or other delimiters) are optional for blocks. When the delimiter is omitted, it is possible to insert a logic error in which a statement is thought to be in a block but is not. In some cases, the logic error can have security implications.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Impact: Alter Execution Logic
Notes: This is a general logic error which will often lead to obviously-incorrect behaviors that are quickly noticed and fixed. In lightly tested or untested code, this error may be introduced it into a production environment and provide additional attack vectors by creating a control flow path leading to an unexpected state in the application. The consequences will depend on the types of behaviors that are being incorrectly executed.