
CWE-460 (Improper Cleanup on Thrown Exception) — Vulnerability Class 19

19 vulnerabilities classified as CWE-460 (Improper Cleanup on Thrown Exception). AI-generated Chinese analysis included.

CWE-460 is a resource-management weakness: the software fails to release resources or restore internal state when an exception interrupts the normal flow of execution. It usually appears in complex functions or loops where cleanup is written inline on the success path instead of being tied to every exit path, so the error-handling path silently skips it. An attacker exploits this by deliberately triggering the exception that bypasses the cleanup, leaving file handles open, locks or busy flags set, memory unreleased, or database connections unclosed. The application may then retain sensitive data in memory, exhaust system resources, or continue in an inconsistent state; the usual outcome is denial of service, and occasionally information leakage. The mitigation is structured exception handling in which cleanup runs on every exit path, for example try/catch/finally, combined with language-level ownership patterns such as RAII in C++, try-with-resources in Java, and context managers in Python, which make resource release deterministic no matter how a block is exited.

MITRE CWE Description
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow. Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.
Common Consequences (1)
Other: Varies by Context
The code could be left in a bad state.
Mitigations (1)
Implementation: If one breaks from a loop or function by throwing an exception, make sure that cleanup happens, or else exit the program. Use thrown exceptions sparingly.
Examples (1)
The following example demonstrates the weakness.
```java
// MITRE's CWE-460 demonstrative example, reformatted from a single line.
// The two elided conditions in the original ("//check some condition" and
// "if (something)") are stubbed as methods so the class compiles; their
// bodies are placeholders, not part of the CWE text.
public class foo {
    public static final void main(String args[]) {
        boolean returnValue;
        returnValue = doStuff();
    }

    public static final boolean doStuff() {
        boolean threadLock;
        boolean truthvalue = true;
        try {
            while (checkSomeCondition()) {   // original: "//check some condition"
                threadLock = true;
                // do some stuff to truthvalue
                threadLock = false;
            }
        } catch (Exception e) {
            // If the exception is thrown between threadLock = true and
            // threadLock = false, the flag is never reset: the catch block
            // logs and returns without cleaning up. That is the weakness.
            System.err.println("You did something bad");
            if (something()) return truthvalue;   // original: "if (something)"
        }
        return truthvalue;
    }

    private static boolean checkSomeCondition() { return false; } // placeholder stub
    private static boolean something() { return false; }          // placeholder stub
}
```
Bad · Java
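The same flaw as MITRE's threadLock example, and the try/finally and context-manager fixes that the description above recommends, worked through in Python as an added example (not code from the page or from MITRE). The `Slot` class, the `process_item` workload, and the input list are constructed for the demonstration; a non-integer item plays the role of the attacker-triggered exception.

```python
from contextlib import contextmanager


class Slot:
    """Constructed shared resource: a busy flag plus the work done so far."""

    def __init__(self):
        self.locked = False
        self.processed = []


def process_item(slot, item):
    # Constructed workload: any non-integer raises, standing in for the
    # "specific exception" an attacker would trigger.
    if not isinstance(item, int):
        raise ValueError(f"bad item: {item!r}")
    slot.processed.append(item * 2)


def vulnerable_worker(slot, items):
    """CWE-460: the busy flag is cleared only on the success path."""
    try:
        for item in items:
            slot.locked = True
            process_item(slot, item)
            slot.locked = False      # skipped when process_item raises
    except ValueError as e:
        # Mirrors the CWE example: log and return, but never undo
        # slot.locked = True. Every later caller now sees the slot as busy.
        return f"error: {e}"
    return "ok"


def hardened_worker(slot, items):
    """Fix 1: release in `finally`, which runs on normal and exceptional exit."""
    try:
        for item in items:
            slot.locked = True
            try:
                process_item(slot, item)
            finally:
                slot.locked = False
    except ValueError as e:
        return f"error: {e}"
    return "ok"


@contextmanager
def held(slot):
    """Fix 2: make acquire/release a context manager so callers cannot forget it."""
    slot.locked = True
    try:
        yield slot
    finally:
        slot.locked = False


def context_worker(slot, items):
    try:
        for item in items:
            with held(slot):
                process_item(slot, item)
    except ValueError as e:
        return f"error: {e}"
    return "ok"


def demo():
    """Run all three workers on the same poisoned input and report the state
    each one leaves behind: (status, slot still locked?, items processed)."""
    items = [1, 2, "three", 4]   # constructed input; "three" triggers the exception
    results = {}
    for name, worker in (("vulnerable", vulnerable_worker),
                         ("hardened", hardened_worker),
                         ("context", context_worker)):
        slot = Slot()
        status = worker(slot, items)
        results[name] = (status, slot.locked, list(slot.processed))
    return results


if __name__ == "__main__":
    for name, (status, locked, done) in demo().items():
        print(f"{name:10s} status={status!r} locked_after={locked} processed={done}")
```

All three workers report the same error, which is why the bug is easy to miss in testing: the difference is only visible in the state left behind, where the vulnerable worker leaves `locked` set to True forever while both fixes leave it False.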
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-40583 | UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt | core | 9.1 (AI) | Critical (AI) | 2026-04-21
CVE-2026-33481 | Syft improper temporary file cleanup | syft | 5.3 | Medium | 2026-03-26
CVE-2026-20118 | Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability | Cisco IOS XR Software | 6.8 | Medium | 2026-03-11
CVE-2025-59399 | libocpp security vulnerability | libocpp | 3.1 | Low | 2025-09-15
CVE-2025-32439 | pleezer allows resource exhaustion through uncollected hook script processes | pleezer | 6.5 | Medium | 2025-04-15
CVE-2025-30157 | Envoy crashes when HTTP ext_proc processes local replies | envoy | 6.5 | Medium | 2025-03-21
CVE-2024-12289 | Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service | Boundary | 5.9 | Medium | 2024-12-12
CVE-2024-20354 | Cisco Aironet Access Point Software security vulnerability | Cisco Aironet Access Point Software | 4.7 | Medium | 2024-03-27
CVE-2024-0316 | Improper cleanup vulnerability in FireEye Endpoint Security | FireEye Endpoint Security | 6.8 | Medium | 2024-01-15
CVE-2022-4744 | Linux kernel resource management error vulnerability | Kernel | 7.8 | - | 2023-03-30
CVE-2022-3707 | Linux kernel resource management error vulnerability | kernel | 5.5 | - | 2023-03-06
CVE-2022-3301 | Improper Cleanup on Thrown Exception in ikus060/rdiffweb | ikus060/rdiffweb | 4.3 | - | 2022-09-26
CVE-2022-22150 | Foxit PDF Reader and Foxit PDF Editor buffer error vulnerability | Foxit | 8.8 | - | 2022-02-04
CVE-2021-34716 | Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability | Cisco TelePresence Video Communication Server (VCS) Expressway | 6.7 | Medium | 2021-08-18
CVE-2020-14304 | Linux kernel security vulnerability | kernel | 4.4 | Medium | 2020-09-15
CVE-2019-14891 | cri-o code issue vulnerability | cri-o | 5.0 | - | 2019-11-25
CVE-2017-9657 | Philips IntelliVue MX40 Patient Worn Monitor security vulnerability | IntelliVue MX40 Patient Worn Monitor | - | - | 2018-04-30
CVE-2016-9592 | Red Hat OpenShift Enterprise security vulnerability | openshift | 6.5 | - | 2018-04-16
CVE-2017-15127 | Linux kernel security vulnerability | Linux kernel before 4.13 | 5.5 | - | 2018-01-14

Vulnerabilities classified as CWE-460 (Improper Cleanup on Thrown Exception) account for 19 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.