CWE-248 (Uncaught Exception) — Vulnerability Class 153

153 vulnerabilities classified as CWE-248 (Uncaught Exception). AI Chinese analysis included.

CWE-248, Uncaught Exception, represents a critical software weakness where a function throws an error that the calling code fails to handle. This oversight typically allows attackers to exploit the vulnerability by triggering specific conditions that force the application to crash, resulting in a denial of service. Alternatively, the unhandled exception may cause the system to dump detailed stack traces or internal state information to the user interface, inadvertently exposing sensitive data such as database credentials or server architecture. To mitigate this risk, developers must implement robust error handling mechanisms, ensuring that all potential exceptions are explicitly caught and managed. By using try-catch blocks and providing generic, non-revealing error messages, programmers can maintain application stability and prevent information leakage, thereby securing the software against both availability attacks and data exposure.

MITRE CWE Description
An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive information.
Common Consequences (1)
Scope: Availability, Confidentiality. Impact: DoS: Crash, Exit, or Restart; Read Application Data
An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors.
Examples (2)
The following example attempts to resolve a hostname.
Bad · Java

    protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
        String ip = req.getRemoteAddr();
        // A failed lookup throws UnknownHostException (an IOException),
        // which propagates out of doPost() uncaught.
        InetAddress addr = InetAddress.getByName(ip);
        ...
        out.println("hello " + addr.getHostName());
    }
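A hardened counterpart to the servlet code above, as an added example that is not part of the original page or of MITRE's entry: the same lookup with the failure path caught, the detail logged server-side and a generic body returned. `GreetingHandler`, `Reply`, `handle()` and the incident-id scheme are hypothetical, and the plain `main()` stands in for the servlet container (Java 16+ for `record`).

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class GreetingHandler {
    private static final Logger LOG = Logger.getLogger(GreetingHandler.class.getName());

    /** Hypothetical stand-in for the servlet response: status code plus body. */
    record Reply(int status, String body) {}

    /** Same lookup as the page's doPost(), with the failure paths handled. */
    static Reply handle(String remoteAddr) {
        try {
            InetAddress addr = InetAddress.getByName(remoteAddr);
            return new Reply(200, "hello " + addr.getHostName());
        } catch (UnknownHostException e) {
            // Expected failure: resolution failed. Degrade instead of aborting the request.
            LOG.log(Level.WARNING, "hostname lookup failed", e);
            return new Reply(200, "hello");
        } catch (RuntimeException e) {
            // Last-resort boundary: the stack trace goes to the server log only;
            // the client gets a generic body and an id that maps to the log entry.
            String id = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "unhandled error, incident " + id, e);
            return new Reply(500, "Internal error (incident " + id + ")");
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a literal address, and a name under the reserved .invalid TLD.
        System.out.println(handle("127.0.0.1"));
        System.out.println(handle("no-such-host.invalid"));
    }
}
```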
The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005(R). It has been replaced with the more secure _alloca_s().
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41585 | ZEBRA: Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients — zebra | 6.5 (AI) | Medium (AI) | 2026-05-08 |
| CVE-2026-7183 | aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception — UERANSIM | 5.3 | Medium | 2026-04-27 |
| CVE-2026-5937 | Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability — Foxit PDF Editor | 5.5 | Medium | 2026-04-27 |
| CVE-2026-35348 | uutils coreutils sort Local Denial of Service via Forced UTF-8 Parsing — coreutils | 5.5 | Medium | 2026-04-22 |
| CVE-2026-34944 | Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 — wasmtime | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-34943 | Wasmtime panics when lifting `flags` component value — wasmtime | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-24175 | NVIDIA Triton Inference Server security vulnerability — Triton Inference Server | 7.5 | High | 2026-04-07 |
| CVE-2026-34986 | Go JOSE affect by a panic in JWE decryption — go-jose | 7.5 | High | 2026-04-06 |
| CVE-2026-34752 | Haraka affected by DoS via `__proto__` email header — Haraka | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-33203 | SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass — siyuan | 7.5 | High | 2026-03-20 |
| CVE-2026-32770 | Parse Server: LiveQuery subscription with invalid regular expression crashes server — parse-server | 5.9 | Medium | 2026-03-18 |
| CVE-2026-32314 | Yamux remote Panic via malformed Data frame with SYN set and len = 262145 — rust-yamux | 7.5 (AI) | High (AI) | 2026-03-13 |
| CVE-2026-31949 | LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos — LibreChat | 6.5 | Medium | 2026-03-13 |
| CVE-2026-2229 | undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation — undici | 7.5 | High | 2026-03-12 |
| CVE-2026-1528 | undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client — undici | 7.5 | High | 2026-03-12 |
| CVE-2026-31870 | cpp-httplib Affected by Remote Process Crash via Malformed Content-Length Response Header — cpp-httplib | 7.5 | High | 2026-03-11 |
| CVE-2026-31812 | Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing — quinn | 7.5 | - | 2026-03-10 |
| CVE-2026-20068 | Multiple Cisco Products Snort 3 TBD Denial of Service Vulnerability — Cisco Cyber Vision | 5.8 | Medium | 2026-03-04 |
| CVE-2026-20031 | ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability — Cisco Secure Endpoint | 5.3 | Medium | 2026-03-04 |
| CVE-2026-27631 | Exiv2: Uncaught exception - cannot create std::vector larger than max_size() — exiv2 | 5.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-1507 | Uncaught Exception vulnerability in AVEVA PI Data Archive — PI Data Archive PI Server | 7.5 | High | 2026-02-10 |
| CVE-2026-25577 | Emmett has an Unhandled CookieError Exception Causing Denial of Service — core | 7.5 | High | 2026-02-10 |
| CVE-2025-13064 | AXIS Camera Station Pro security vulnerability — AXIS Camera Station Pro | 4.5 | Medium | 2026-02-10 |
| CVE-2025-67647 | SvelteKit Denial of service and possible SSRF when using prerendering — kit | 7.5 (AI) | High (AI) | 2026-01-15 |
| CVE-2025-66578 | robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation — xmlseclibs | 6.0 | Medium | 2025-12-09 |
| CVE-2025-20758 | MediaTek Chipsets security vulnerability — MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-20754 | MediaTek Chipsets security vulnerability — MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-20753 | MediaTek Chipsets security vulnerability — MT2735, MT2737, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8675, MT8771, MT8791, MT8791T, MT8797 | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-66305 | Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter — grav | 4.9 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-8870 | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device. — EOS | 4.9 | Medium | 2025-11-14 |

Vulnerabilities classified as CWE-248 (Uncaught Exception) represent 153 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.