Incorrect block delimitation

Revision as of 08:14, 26 September 2008 by KirstenS (Talk | contribs)


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 09/26/2008



In some languages, forgetting to explicitly delimit a block can result in a logic error that can, in turn, have security implications.


This is a general logic error - with all the potential consequences that this entails.

Exposure period

  • Implementation


C, C++, C#, Java

Required resources




Likelihood of exploit


Risk Factors




Related Attacks

Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here

Related Controls

Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here

Related Technical Impacts


Note: A reference to a related CWE or CAPEC article should be added when one exists. E.g.:


Avoidance and mitigation

Implementation: Always use explicit block delimitation and use static-analysis technologies to enforce this practice.


In many languages, braces are optional for blocks. Where braces are omitted, it is easy to introduce a logic error in which a statement is thought to be in a block but is not. This is a common and well-known reliability error.


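In this example, when the condition is true, the intention may be that both x and y run. Because the block is not delimited, only x is governed by the condition, and y runs whether or not the condition is true.

if (condition==true) x;
y;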
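The same mistake in a security-relevant setting, as an added example that is not part of the original page: a privilege check guards only the first of two statements, so the privileged action runs for every caller. The `request` struct, the handler names and the `deleted_by` helper are hypothetical, constructed for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical request state, constructed for this example. */
struct request {
    bool is_admin;        /* caller passed the privilege check */
    bool audit_written;   /* an audit record was emitted */
    bool account_deleted; /* the privileged action ran */
};

/* The deliberately flawed function trips GCC/Clang -Wmisleading-indentation;
 * the warning is silenced only so this file still builds under -Werror. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
/* Flawed: indentation suggests both statements are guarded by the if. */
static void delete_account_flawed(struct request *r)
{
    if (r->is_admin)
        r->audit_written = true;
        r->account_deleted = true; /* NOT in the if: runs for every caller */
}
#pragma GCC diagnostic pop

/* Fixed: explicit braces put both statements under the privilege check. */
static void delete_account_fixed(struct request *r)
{
    if (r->is_admin) {
        r->audit_written = true;
        r->account_deleted = true;
    }
}

/* Run a handler for a caller with the given privilege and report
 * whether the privileged action took place. */
static bool deleted_by(void (*handler)(struct request *), bool is_admin)
{
    struct request r = { .is_admin = is_admin };
    handler(&r);
    return r.account_deleted;
}

int main(void)
{
    printf("flawed, non-admin: deleted=%d\n", deleted_by(delete_account_flawed, false));
    printf("fixed,  non-admin: deleted=%d\n", deleted_by(delete_account_fixed, false));
    printf("fixed,  admin:     deleted=%d\n", deleted_by(delete_account_fixed, true));
    return 0;
}
```

Building without the pragma and with `-Wall -Werror` on a recent GCC rejects the flawed function, which is one way to enforce the explicit-delimitation rule given under "Avoidance and mitigation".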

Related problems

Not available.