CWE-561 (Dead Code) — Vulnerability Class 7

7 vulnerabilities classified as CWE-561 (Dead Code). AI Chinese analysis included.

CWE-561 represents a software weakness characterized by the presence of dead code, which consists of instructions that can never be executed during normal program operation. While typically not directly exploitable for immediate remote code execution, this weakness creates significant security risks by obscuring the actual logic flow and increasing the attack surface. Attackers may exploit dead code to hide malicious payloads, confuse security analysis tools, or leverage residual functionality if the surrounding conditions change unexpectedly. Developers avoid this issue by employing rigorous static code analysis tools to identify unreachable branches and implementing strict code review processes that enforce modular design. Regular refactoring and the removal of unused functions further ensure that the codebase remains clean, maintainable, and free from potential security blind spots caused by obsolete or inaccessible logic.

MITRE CWE Description
The product contains dead code, which can never be executed. Dead code is code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.
Common Consequences (2)
Other: Quality Degradation
Dead code that results from code that can never be executed is an indication of problems with the source code that needs to be fixed and is an indication of poor quality.
Other: Reduce Maintainability
Mitigations (1)
Implementation: Remove dead code before deploying the application.
Examples (2)
The condition for the second if statement is impossible to satisfy. It requires that the variable s be non-null. However, on the only path where s can be assigned a non-null value, there is a return statement.
    String s = null;
    if (b) {
        s = "Yes";
        return;
    }
    if (s != null) {
        Dead();
    }
Bad · C++
In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.
    public class DoubleDead {
        private void doTweedledee() {
            doTweedledumb();
        }
        private void doTweedledumb() {
            doTweedledee();
        }
        public static void main(String[] args) {
            System.out.println("running DoubleDead");
        }
    }
Bad · Java
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-34205 | Vasion Print (formerly PrinterLogic) Dangerous PHP Dead Code Enables RCE — Print Virtual Appliance Host | 9.8 | - | 2025-09-19 |
| CVE-2024-8300 | Malicious Code Execution Vulnerability in GENESIS64 and ICONICS Suite — GENESIS64 | 7.0 | High | 2024-11-28 |
| CVE-2024-32634 | Logically dead code — Falcon | 6.1 | Medium | 2024-04-16 |
| CVE-2022-33726 | SAMSUNG Mobile devices security vulnerability — Samsung Mobile Devices | 3.3 | Low | 2022-08-05 |
| CVE-2022-33685 | SAMSUNG Mobile devices security vulnerability — Samsung Mobile Devices | 4.0 | Medium | 2022-07-11 |
| CVE-2022-30748 | Samsung Members security vulnerability — Samsung Members | 4.0 | Medium | 2022-06-07 |
| CVE-2021-25398 | Bixby Voice security vulnerability — Bixby Voice | 3.3 | - | 2021-06-11 |

Vulnerabilities classified as CWE-561 (Dead Code) represent 7 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.