CWE-391 (Unchecked Error Condition) — Vulnerability Class 23

23 vulnerabilities classified as CWE-391 (Unchecked Error Condition). AI Chinese analysis included.

CWE-391 covers code that fails to check or handle error conditions, such as ignored exceptions or unchecked return values. An attacker who can trigger such an error can push the application into unexpected behaviour that goes unnoticed, which may lead to denial of service, data corruption, or further exploitation; because the outcome of the critical operation is never validated, the system is left open to state manipulation or resource exhaustion. The mitigation is robust error handling that explicitly checks for failures and responds to them: validate function return codes, catch specific exceptions rather than swallowing them, and verify that security-sensitive operations actually succeeded before proceeding. Errors are then logged, reported, or handled securely instead of becoming silent failures that compromise system integrity or availability.

MITRE CWE Description
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
Common Consequences (1)
Scope: Integrity, Other. Impact: Varies by Context, Unexpected State, Alter Execution Logic.
Mitigations (3)
Phase: Requirements. The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem.
Phase: Requirements. A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added.
Phase: Implementation. Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
Examples (1)
The following code excerpt (Bad, Java) ignores a rarely-thrown exception from doExchange():

    try {
        doExchange();
    } catch (RareException e) {
        // this can never happen
    }
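As an added illustration (not MITRE's demonstrative code and not from any product listed below), the same doExchange() call handled both ways in Java: the swallowed catch from the excerpt above, which reports success even when the exchange failed, beside a handler that catches the specific exception, logs it and fails closed. RareException, doExchange() and the session-setup wrappers are constructed for this example.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration of CWE-391, not code from MITRE or any listed product.
// RareException, doExchange() and the session wrappers are constructed here.
public class ExchangeDemo {
    private static final Logger LOG = Logger.getLogger(ExchangeDemo.class.getName());

    /** Hypothetical checked exception thrown when the exchange step fails. */
    static class RareException extends Exception {
        RareException(String message) { super(message); }
    }

    /** Hypothetical security-sensitive step: succeeds only if the peer accepts. */
    static void doExchange(boolean peerAccepts) throws RareException {
        if (!peerAccepts) {
            throw new RareException("peer rejected the exchange");
        }
    }

    /** BAD (CWE-391): the exception is swallowed, so the method reports an
     *  established session even though no exchange completed. */
    static boolean establishSessionUnchecked(boolean peerAccepts) {
        try {
            doExchange(peerAccepts);
        } catch (RareException e) {
            // this can never happen
        }
        return true; // caller now proceeds in an unknown state
    }

    /** GOOD: the specific exception is caught, logged and turned into a
     *  definite failure, so a triggered error can never look like success. */
    static boolean establishSessionChecked(boolean peerAccepts) {
        try {
            doExchange(peerAccepts);
            return true;
        } catch (RareException e) {
            LOG.log(Level.SEVERE, "exchange failed, refusing session", e);
            return false; // fail closed
        }
    }

    public static void main(String[] args) {
        boolean peerAccepts = false; // constructed input: the peer rejects
        System.out.println("unchecked handler: " + establishSessionUnchecked(peerAccepts));
        System.out.println("checked handler:   " + establishSessionChecked(peerAccepts));
    }
}
```

With the peer rejecting, the unchecked wrapper still returns true while the checked one returns false and leaves a log entry, which is the difference between a silent failure and a detectable one.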
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-52316 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API | Apache Tomcat | 9.1 | - | 2024-11-18
CVE-2022-20849 | Cisco IOS XR Software Broadband Network Gateway PPPoE Denial of Service Vulnerability | Cisco IOS XR Software | 6.1 | Medium | 2024-11-15
CVE-2024-23326 | Envoy incorrectly accepts HTTP 200 response for entering upgrade mode | envoy | 5.9 | Medium | 2024-06-04
CVE-2023-32871 | MediaTek chip security vulnerability | MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798 | 7.8 (AI) | High (AI) | 2024-05-06
CVE-2023-0572 | Unchecked Error Condition in froxlor/froxlor | froxlor/froxlor | 5.3 | Medium | 2023-01-29
CVE-2022-22160 | Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message | Junos OS | 6.5 | Medium | 2022-01-19
CVE-2020-14383 | Samba security vulnerability | samba | 6.5 | - | 2020-12-02
CVE-2019-14853 | python-ecdsa security vulnerability | python-ecdsa | 7.5 | - | 2019-11-26
CVE-2016-10526 | gh-pages security vulnerability | grunt-gh-pages node module | 8.6 | - | 2018-05-31
CVE-2018-1091 | Linux kernel buffer error vulnerability | Linux kernel v4.13 and newer | 5.5 | - | 2018-03-27
CVE-2017-12186 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12187 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12185 | xorg-x11-server security vulnerability | n/a | 9.8 | - | 2018-01-24
CVE-2017-12184 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12183 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12182 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12181 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12180 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12179 | xorg-x11-server numeric error vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12178 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12177 | xorg-x11-server numeric error vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-12176 | xorg-x11-server security vulnerability | xorg-x11-server | 9.8 | - | 2018-01-24
CVE-2017-7496 | fedora-arm-installer permissions and access control vulnerability | fedora-arm-installer | 7.0 | - | 2017-06-26

(Scores marked "(AI)" are AI-estimated rather than vendor- or NVD-assigned; "-" means no severity was recorded.)

Vulnerabilities classified as CWE-391 (Unchecked Error Condition) account for 23 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.