CWE-390: Detection of Error Condition Without Action

BaseDraftExploit Likelihood: Medium

The product detects a specific error, but takes no actions to handle the error.

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-390: Detection of Error Condition Without Action?+

CWE-390: Detection of Error Condition Without Action is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product detects a specific error, but takes no actions to handle the error.

What are the security consequences of Detection of Error Condition Without Action?+

If exploited, CWE-390 (Detection of Error Condition Without Action) it can compromise Integrity and Other, leading to outcomes such as Varies by Context, Unexpected State and Alter Execution Logic.

How do you prevent or mitigate Detection of Error Condition Without Action?+

Recommended mitigations for CWE-390 include: Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment. If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and cleanup the program. Subject the product to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing.

Which programming languages are affected by Detection of Error Condition Without Action?+

CWE-390 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Detection of Error Condition Without Action?+

MITRE documents real CVEs mapped to CWE-390, including CVE-2022-21820. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-390 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More