CWE-483: Incorrect Block Delimitation

BaseDraftExploit Likelihood: Low

The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.

View on MITRE
Back to CWE Lookup

Extended Description

In some languages, braces (or other delimiters) are optional for blocks. When the delimiter is omitted, it is possible to insert a logic error in which a statement is thought to be in a block but is not. In some cases, the logic error can have security implications.

Technical Details

Structure
Simple

Applicable To

Languages
CC++
Platforms

Frequently Asked Questions

What is CWE-483: Incorrect Block Delimitation?+

CWE-483: Incorrect Block Delimitation is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error. In some languages, braces (or other delimiters) are optional for blocks. When the delimiter is omitted, it is possible to insert a logic error in which a statement is thought to be in a block but is not. In some cases, the logic error can have security implications.

What are the security consequences of Incorrect Block Delimitation?+

If exploited, CWE-483 (Incorrect Block Delimitation) it can compromise Confidentiality, Integrity and Availability, leading to outcomes such as Alter Execution Logic.

How do you prevent or mitigate Incorrect Block Delimitation?+

Recommended mitigations for CWE-483 include: Always use explicit block delimitation and use static-analysis technologies to enforce this practice.

Which programming languages are affected by Incorrect Block Delimitation?+

CWE-483 commonly affects C and C++. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Incorrect Block Delimitation?+

MITRE documents real CVEs mapped to CWE-483, including CVE-2014-1266. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-483 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More