Improper cleanup on thrown exception

Revision as of 21:18, 30 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

[ asian time ] [ monrovia africa history ] [ african american care child foster in ] asian style decor [ custom auto amp rack ] [ south african animals and plants ] [ automation and drives ] [ positive cash flow property australia ] domain [ automatic vents ] [ asiann ] domain [ airline asian southeast ] [ norton antivirus corporate edition uninstall ] [ auto crystal insurance springs ] aborigines + dreamtime + australia [ norton antivirus 2004 crack serial ] http [ asian canada cheap flight from from ] [ disney's fantasia ] notron antivirus 2004 [ puffy amiyumi lyrics true asia ] [ online auto foreclosure auctions ] [ asia consulting ] [ stinger antivirus tools ] site [ auto forumi ] clam win antivirus [ auto part swap meet ] http [ colorectal neoplasia ] [ auto recyclers ontario canada ] [ scotts auto country incorporated ] [ africa development ford foundation ] [ autotarget ] [ australian shepherd nationals ] [ symantec antivirus server 2003 ] [ auto ccd scanning single ] miss south africa 1997 [ asian male models portfolio ] asian cover duvet [ asian spas georgia ] johnny bench autographed baseball [ gnc live well australia ] [ accomodation cairns australia ] [ asia info southeast ] [ asian buddy icons ] [ symantec antivirus client removal tool ] asian pendant pretty asia women

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/30/2009

Vulnerabilities Table of Contents


Causing a change in flow, due to an exception, can often leave the code in a bad state.


  • Implementation: The code could be left in a bad state.

Exposure period

  • Implementation: Many logic errors can lead to this condition.


  • Languages: Java, C, C# or any language which can throw an exception.
  • Operating platforms: Any

Required resources




Likelihood of exploit


Often, when functions or loops become complicated, some level of cleanup in the beginning to the end is needed. Often, since exceptions can disturb the flow of the code, one can leave a code block in a bad state.

Risk Factors



In C++/Java:

public class foo {
  public static final void main( String args[] ) {
        boolean returnValue;
  public static final boolean doStuff( ) {
        boolean threadLock;
        boolean truthvalue=true;

        try {
                while(//check some condition){
                        //do some stuff to truthvalue
        } catch (Exception e){
                System.err.println("You did something bad");
                        if (something) return truthvalue;
        return  truthvalue;

In this case, you may leave a thread locked accidentally.

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely.

Related Technical Impacts