
CWE-248 (Uncaught Exception) — Vulnerability Class (153 CVEs)

153 vulnerabilities classified as CWE-248 (Uncaught Exception). AI Chinese analysis included.

CWE-248, Uncaught Exception, represents a critical software weakness where a function throws an error that the calling code fails to handle. This oversight typically allows attackers to exploit the vulnerability by triggering specific conditions that force the application to crash, resulting in a denial of service. Alternatively, the unhandled exception may cause the system to dump detailed stack traces or internal state information to the user interface, inadvertently exposing sensitive data such as database credentials or server architecture. To mitigate this risk, developers must implement robust error handling mechanisms, ensuring that all potential exceptions are explicitly caught and managed. By using try-catch blocks and providing generic, non-revealing error messages, programmers can maintain application stability and prevent information leakage, thereby securing the software against both availability attacks and data exposure.

MITRE CWE Description
An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive information.
Common Consequences (1)
Scope: Availability, Confidentiality. Impact: DoS: Crash, Exit, or Restart; Read Application Data.
An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors.
Examples (2)
The following example attempts to resolve a hostname.
protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
    String ip = req.getRemoteAddr();
    InetAddress addr = InetAddress.getByName(ip);
    ...
    out.println("hello " + addr.getHostName());
}
Bad · Java
The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005(R). It has been replaced with the more secure _alloca_s().
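The hostname lookup from the Java example above, once as written and once with the lookup failure handled, as an added illustration that is not part of the MITRE entry or this page; it assumes the javax.servlet API and the hypothetical class name HelloServlet.

```java
// Added example (not from the page or MITRE). Assumes the javax.servlet API.
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HelloServlet extends HttpServlet {

    // CWE-248 as in the example above: getByName() can throw
    // UnknownHostException, and "throws IOException" only hands it to the
    // servlet container, which typically answers with a 500 page that may
    // include the stack trace.
    protected void doPostUnsafe(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        String ip = req.getRemoteAddr();
        InetAddress addr = InetAddress.getByName(ip);
        PrintWriter out = res.getWriter();
        out.println("hello " + addr.getHostName());
    }

    // Hardened: the failure is caught where it arises, details go to the
    // server log only, and the client receives a fixed, non-revealing status.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        String ip = req.getRemoteAddr();
        String name;
        try {
            name = InetAddress.getByName(ip).getHostName();
        } catch (UnknownHostException e) {
            log("reverse lookup failed for " + ip, e);   // server-side only
            res.sendError(HttpServletResponse.SC_BAD_REQUEST,
                          "Unable to process request");
            return;
        }
        res.setContentType("text/plain");
        PrintWriter out = res.getWriter();
        out.println("hello " + name);
    }
}
```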
CVE ID | Title | CVSS | Severity | Published
CVE-2024-58111 | Huawei HarmonyOS security vulnerability — HarmonyOS | 7.5 | High | 2025-04-07
CVE-2025-20664 | MediaTek Chipsets security vulnerability — MT7915, MT7916, MT7981, MT7986, MT7990, MT7992 | 6.5 | Medium | 2025-04-07
CVE-2025-20663 | MediaTek Chipsets security vulnerability — MT7915, MT7916, MT7981, MT7986 | 6.5 | Medium | 2025-04-07
CVE-2025-3083 | Malformed MongoDB wire protocol messages may cause mongos to crash — MongoDB Server | 7.5 | High | 2025-04-01
CVE-2024-11173 | Unhandled Exception in danny-avila/librechat — danny-avila/librechat | 7.5 | - | 2025-03-20
CVE-2024-11172 | Denial of Service in danny-avila/librechat — danny-avila/librechat | 7.5 | - | 2025-03-20
CVE-2024-8249 | Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm — mintplex-labs/anything-llm | 7.5 | - | 2025-03-20
CVE-2024-8020 | Denial of Service in lightning-ai/pytorch-lightning — lightning-ai/pytorch-lightning | 7.5 | - | 2025-03-20
CVE-2025-24836 | Qardio Heart Health IOS and Android Application and QardioARM A100 Uncaught Exception — Heart Health IOS Mobile Application | 7.1 | High | 2025-02-13
CVE-2025-0158 | IBM EntireX denial of service — EntireX | 5.5 | Medium | 2025-02-06
CVE-2024-13417 | 2N OS security vulnerability — 2N OS | 4.6 | Medium | 2025-02-06
CVE-2025-20637 | MediaTek Chipsets code issue vulnerability — MT7981, MT7986 | 7.5 | - | 2025-02-03
CVE-2025-24883 | go-ethereum has a DoS via malicious p2p message — go-ethereum | 7.5 | - | 2025-01-30
CVE-2025-0648 | M-Files Server crash via EOT database driver configuration — M-Files Server | 4.9 | - | 2025-01-23
CVE-2024-54106 | Huawei HarmonyOS code issue vulnerability — HarmonyOS | 7.1 | High | 2024-12-12
CVE-2024-11738 | Rustls: rustls network-reachable panic in `acceptor::accept` | 5.3 | Medium | 2024-12-06
CVE-2024-20137 | MediaTek Chipsets security vulnerability — MT6890, MT7622, MT7915, MT7916, MT7981, MT7986 | 7.5 | - | 2024-12-02
CVE-2024-51750 | Element allows a malicious homeserver can modify events leading to unrenderable events or rooms — element-web | 5.0 | Medium | 2024-11-12
CVE-2024-51518 | Huawei HarmonyOS security vulnerability — HarmonyOS | 5.3 | Medium | 2024-11-05
CVE-2024-43367 | Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects — boa | 7.5 | High | 2024-08-15
CVE-2024-43357 | JavaScript specification issue may lead to type confusion and pointer dereference in implementations — ecma262 | 8.6 | High | 2024-08-15
CVE-2024-42037 | Huawei EMUI and Huawei HarmonyOS security vulnerability — HarmonyOS | 9.3 | Critical | 2024-08-08
CVE-2024-31217 | @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling — strapi | 5.3 | Medium | 2024-06-12
CVE-2024-34363 | Envoy can crash due to uncaught nlohmann JSON exception — envoy | 7.5 | High | 2024-06-04
CVE-2024-31904 | IBM App Connect Enterprise denial of service — App Connect Enterprise | 6.5 | Medium | 2024-05-22
CVE-2024-32995 | Huawei HarmonyOS security vulnerability — HarmonyOS | 6.2 | Medium | 2024-05-11
CVE-2024-3052 | Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability — Z/IP Gateway SDK | 7.5 | High | 2024-04-26
CVE-2024-3051 | Z/IP Gateway Device Reset Locally Denial of Service Vulnerability — Z/IP Gateway SDK | 7.5 | High | 2024-04-26
CVE-2024-23449 | Elasticsearch Uncaught Exception — Elasticsearch | 4.3 | Medium | 2024-03-29
CVE-2024-20276 | Cisco Catalyst security vulnerability — IOS | 7.4 | High | 2024-03-27

Vulnerabilities classified as CWE-248 (Uncaught Exception) represent 153 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.