
CWE-248 (Uncaught Exception) — Vulnerability Class (153 CVEs)

153 vulnerabilities are classified as CWE-248 (Uncaught Exception). AI-generated Chinese analysis is included for each entry.

CWE-248, Uncaught Exception, covers the case where a function throws (or raises) an exception that no caller handles. An attacker who can trigger the failing condition, usually with malformed or unexpected input, can terminate the process or worker that was serving the request, which is a denial of service; most of the CVEs listed below are exactly this pattern. Where the runtime or framework instead answers with its default error page, the result is an information leak: a stack trace reveals file paths, internal class and function names, library versions, and sometimes the values of variables at the point of failure. The fix is not a catch-all wrapped around everything. Handle the exceptions you expect at the point where they occur, with a safe fallback, and place one boundary handler at the entry point (request handler, message loop, main) that logs the full details server-side and returns a generic, non-revealing error to the client. Blanket catches that silently swallow every exception hide real bugs and can leave the program running in an inconsistent state, so the boundary handler should log and fail the unit of work, not pretend it succeeded.

MITRE CWE Description
An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive information.
Common Consequences (1)
Scope: Availability, Confidentiality
Impact: DoS: Crash, Exit, or Restart; Read Application Data
An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors.
Examples (2)

The following example attempts to resolve a hostname. InetAddress.getByName() throws UnknownHostException when the lookup fails, and nothing in doPost() catches it; because UnknownHostException extends IOException, the method's throws clause lets it escape to the servlet container, which will either abort the request or, depending on configuration, render the stack trace to the client.

protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
    String ip = req.getRemoteAddr();
    InetAddress addr = InetAddress.getByName(ip);
    ...
    out.println("hello " + addr.getHostName());
}
Bad · Java

The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005. It has been replaced with the more secure _alloca_s(). Two caveats for practitioners: the function Microsoft actually ships as the replacement is _malloca(), paired with _freea() (there is no _alloca_s() in the CRT), and the failure is a structured exception (EXCEPTION_STACK_OVERFLOW), not a C++ exception, so only __try/__except can catch it, and _resetstkoflw() must be called to restore the guard page before the thread can safely continue.
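The summary above and the MITRE servlet example describe the same two outcomes: an unhandled exception either kills the serving loop or leaks a traceback. The following Python model, an added example that is not part of the CWE entry or of any project in the table below, shows both. It mirrors the Java snippet with an injectable resolver so it runs offline; `fake_resolver`, `FAKE_PTR`, `Request`, `Response` and the client addresses are constructed for this example, and `ResolutionError` stands in for `UnknownHostException`.

```python
"""CWE-248 request-loop model (added example; not code from the CWE entry or
from any listed project). The resolver is injected so the script runs offline;
fake_resolver, FAKE_PTR, Request, Response and the addresses are constructed."""
import logging
import traceback
import uuid
from dataclasses import dataclass
from typing import Callable, List, Tuple

log = logging.getLogger("server")


class ResolutionError(Exception):
    """Stand-in for java.net.UnknownHostException (or socket.herror)."""


# Constructed reverse-DNS table; any address not listed fails to resolve.
FAKE_PTR = {"203.0.113.10": "client-a.example.net"}


def fake_resolver(ip: str) -> str:
    if ip not in FAKE_PTR:
        raise ResolutionError(f"no PTR record for {ip}")
    return FAKE_PTR[ip]


@dataclass
class Request:
    remote_addr: str


@dataclass
class Response:
    status: int
    body: str


Handler = Callable[[Request], Response]


def handle_vulnerable(req: Request, resolve=fake_resolver) -> Response:
    """Mirrors the MITRE doPost(): a lookup failure propagates out unhandled."""
    name = resolve(req.remote_addr)          # raises ResolutionError for unknown IPs
    return Response(200, f"hello {name}")


def handle_hardened(req: Request, resolve=fake_resolver) -> Response:
    """The expected failure is handled where it occurs; anything else is caught
    at the request boundary, logged in full server-side, answered generically."""
    try:
        try:
            name = resolve(req.remote_addr)
        except ResolutionError:
            name = req.remote_addr           # degrade: greet by address instead
        return Response(200, f"hello {name}")
    except Exception:
        ref = uuid.uuid4().hex[:8]           # correlation id ties the reply to the log
        log.error("request %s failed:\n%s", ref, traceback.format_exc())
        return Response(500, f"internal error (ref {ref})")


def debug_error_page(exc: BaseException) -> str:
    """What a framework's default error page shows when nothing catches exc:
    the full traceback, function names and exception message included."""
    return "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))


def serve(handler: Handler, reqs: List[Request]) -> Tuple[List[Response], bool]:
    """Single-threaded server loop. Returns (responses, still_alive). An exception
    escaping the handler ends the loop, modelling a process whose main loop has
    no catch-all: the remaining requests are never served."""
    out: List[Response] = []
    for r in reqs:
        try:
            out.append(handler(r))
        except Exception:
            return out, False                # the process is gone
    return out, True


if __name__ == "__main__":
    traffic = [Request("203.0.113.10"), Request("198.51.100.7"), Request("203.0.113.10")]
    for h in (handle_vulnerable, handle_hardened):
        served, alive = serve(h, traffic)
        print(f"{h.__name__}: served {len(served)}/{len(traffic)}, alive={alive}")
```

With the vulnerable handler the second request (an address with no PTR record) ends the loop and the third client is never answered; the hardened handler serves all three. The inner `except ResolutionError` is the call-site fix for the documented failure, the outer `except Exception` is the boundary that turns any other bug into a 500 with an opaque reference, and `debug_error_page()` shows what the client would otherwise have received.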
CVE ID | Title (product) | CVSS | Severity | Published
Values marked (AI) were tagged on the original page as AI-generated rather than taken from the advisory.
CVE-2025-12423 | Denial of Service - Protocol Manipulation — BLU-IC2 | 7.5 (AI) | High (AI) | 2025-10-28
CVE-2025-59462 | Denial-of-service (DoS) via delayed or missing client response — TLOC100-100 all Firmware versions | 6.5 | Medium | 2025-10-27
CVE-2025-48430 | Gallagher Command Centre Server security vulnerability — Command Centre Server | 5.5 | Medium | 2025-10-23
CVE-2025-62370 | Alloy Core has a DoS vulnerability on `alloy_dyn_abi::TypedData` hashing — core | 7.5 | High | 2025-10-15
CVE-2025-59229 | Microsoft Office Denial of Service Vulnerability — Microsoft 365 Apps for Enterprise | 5.5 | Medium | 2025-10-14
CVE-2025-9124 | Rockwell Automation Compact GuardLogix® 5370 Denial-Of-Service Vulnerability — Compact GuardLogix® 5370 | 7.5 (AI) | High (AI) | 2025-10-14
CVE-2025-59538 | Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook — argo-cd | 7.5 | High | 2025-10-01
CVE-2025-35436 | CISA Thorium account verification email error handling — Thorium | 5.3 | Medium | 2025-09-17
CVE-2025-59014 | Denial of Service in TYPO3 Bookmark Toolbar — TYPO3 CMS | 4.9 (AI) | Medium (AI) | 2025-09-09
CVE-2025-54777 | Konica Minolta bizhub security vulnerability — Multiple products in bizhub series | 7.5 | - | 2025-08-29
CVE-2025-55194 | Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload — Part-DB-server | 5.7 | Medium | 2025-08-13
CVE-2013-10065 | Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS — Multi-Server | 7.5 (AI) | High (AI) | 2025-08-05
CVE-2025-7338 | Multer vulnerable to Denial of Service via unhandled exception from malformed request — multer | 7.5 | High | 2025-07-17
CVE-2025-53620 | Crashing any Qwik Server — qwik | 7.5 (AI) | High (AI) | 2025-07-09
CVE-2025-53366 | MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service — python-sdk | 7.5 | - | 2025-07-04
CVE-2025-53365 | MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service — python-sdk | 7.5 | - | 2025-07-04
CVE-2025-36539 | AVEVA PI Data Archive Uncaught Exception — PI Data Archive | 6.5 | Medium | 2025-06-12
CVE-2025-44019 | AVEVA PI Data Archive Uncaught Exception — PI Data Archive | 7.1 | High | 2025-06-12
CVE-2025-48907 | Huawei HarmonyOS 5.0.0 security vulnerability — HarmonyOS | 6.2 | Medium | 2025-06-06
CVE-2025-48997 | Multer vulnerable to Denial of Service via unhandled exception — multer | 7.5 | - | 2025-06-03
CVE-2025-29785 | quic-go Has Panic in Path Probe Loss Recovery Handling — quic-go | 7.5 | High | 2025-06-02
CVE-2025-48943 | vLLM allows clients to crash the openai server with invalid regex — vllm | 6.5 | Medium | 2025-05-30
CVE-2025-48942 | vLLM DOS: Remotely kill vllm over http with invalid JSON schema — vllm | 6.5 | Medium | 2025-05-30
CVE-2025-47944 | Multer vulnerable to Denial of Service from maliciously crafted requests — multer | 7.5 | High | 2025-05-19
CVE-2024-52903 | IBM Db2 denial of service — Db2 for Linux, UNIX and Windows | 5.3 | Medium | 2025-05-01
CVE-2025-3891 | Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled | 7.5 | High | 2025-04-29
CVE-2025-43855 | tRPC 11 WebSocket DoS Vulnerability — trpc | 7.5 | - | 2025-04-24
CVE-2025-32944 | PeerTube User Import Authenticated Persistent Denial of Service | 6.5 | Medium | 2025-04-15
CVE-2024-49705 | XSS in iKSORIS — iKSORIS | 6.5 (AI) | Medium (AI) | 2025-04-14
CVE-2024-58112 | Huawei HarmonyOS security vulnerability — HarmonyOS | 7.5 | High | 2025-04-07

Vulnerabilities classified as CWE-248 (Uncaught Exception) total 153 CVEs; the table above lists 30 of them, newest first. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.