CWE-478: Missing Default Case in Multiple Condition Expression

BaseDraft

The code does not have a default case in an expression with multiple conditions, such as a switch statement.

View on MITRE
Back to CWE Lookup

Extended Description

If a multiple-condition expression (such as a switch in C) omits the default case but does not consider or handle all possible values that could occur, then this might lead to complex logical errors and resultant weaknesses. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.

Technical Details

Structure
Simple

Applicable To

Languages
CC++JavaC#PythonJavaScript
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-478

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references