The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.
View on MITRENo mitigation information available for this CWE.
No detection method information available for this CWE.
The following example attempts to resolve a hostname.
A DNS lookup failure will cause the Servlet to throw an exception.
This code queries a server and displays its status when a request comes from an authorized IP address.
This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212).
Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.
Java code in a smartphone OS can encounter a "boot loop" due to an uncaught exception
View Detailschain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
View DetailsCWE-705: Incorrect Control Flow Scoping is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.
If exploited, CWE-705 (Incorrect Control Flow Scoping) it can compromise Other, leading to outcomes such as Alter Execution Logic and Other.
CWE-705 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-705, including CVE-2023-21087 and CVE-2014-1266. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-705 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.