The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met.
View on MITREWhen the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.
Always verify the integrity of the product that is being installed.
Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
CWE-511: Logic/Time Bomb is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met. When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.
If exploited, CWE-511 (Logic/Time Bomb) it can compromise Other and Integrity, leading to outcomes such as Varies by Context and Alter Execution Logic.
Recommended mitigations for CWE-511 include: Always verify the integrity of the product that is being installed. Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.
CWE-511 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-511 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.