1. Home
  2. CWE Database
  3. CWE-1095
Base · Medium

CWE-1095: Loop Condition Value Update within the Loop

The product uses a loop with a control flow condition based on a value that is updated within the body of the loop.

CWE-1095 · Base Level

Description

The product uses a loop with a control flow condition based on a value that is updated within the body of the loop.

Potential Impact

Other

Reduce Maintainability, Increase Analytical Complexity

CWE-1120: Excessive Code Complexity

The code is too complex, as calculated using a well-defined, quantitative measure.

Taxonomy Mappings

  • OMG ASCMM: ASCMM-MNT-5 —

Frequently Asked Questions

What is CWE-1095?

CWE-1095 (Loop Condition Value Update within the Loop) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product uses a loop with a control flow condition based on a value that is updated within the body of the loop.

How can CWE-1095 be exploited?

Attackers can exploit CWE-1095 (Loop Condition Value Update within the Loop) to reduce maintainability, increase analytical complexity. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-1095?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-1095?

CWE-1095 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.