CWE-755 (Improper Handling of Exceptional Conditions) — Vulnerability Class 158

158 vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions). AI Chinese analysis included.

CWE-755 represents a critical software weakness where applications fail to properly manage unexpected or exceptional runtime conditions, such as network timeouts, resource exhaustion, or invalid input states. This flaw typically allows attackers to exploit the lack of robust error handling by triggering specific exceptions that cause the system to crash, leak sensitive internal stack traces, or enter an unstable state. By carefully crafting inputs that induce these exceptional conditions, adversaries can achieve denial of service or potentially escalate privileges if the application behaves unpredictably during failure recovery. To mitigate this risk, developers must implement comprehensive exception handling mechanisms that validate inputs, ensure graceful degradation, and log errors securely without exposing internal details. Utilizing defensive programming practices and rigorous testing ensures that the software remains stable and secure even when encountering unforeseen operational anomalies.

MITRE CWE Description
The product does not handle or incorrectly handles an exceptional condition.
Common Consequences (1)
Scope: Other · Impact: Other
Examples (2)
The following example attempts to resolve a hostname.
    protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
        String ip = req.getRemoteAddr();
        // getByName() can throw UnknownHostException; nothing here catches it,
        // so it propagates out of doPost()
        InetAddress addr = InetAddress.getByName(ip);
        ...
        out.println("hello " + addr.getHostName());
    }
Bad · Java
The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.
    foo=malloc(sizeof(char));
    //the next line checks to see if malloc failed
    if (foo==NULL) {
        //We do nothing so we just ignore the error.
    }
Bad · C
    foo=malloc(sizeof(char));
    //the next line checks to see if malloc failed
    if (foo==NULL) {
        printf("Malloc failed to allocate memory resources");
        return -1;
    }
Good · C
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23666 | .NET Framework Denial of Service Vulnerability — Microsoft .NET Framework 3.5 | 7.5 | High | 2026-04-14 |
| CVE-2026-40074 | SvelteKit's invalidated redirect in handle hook causes Denial-of-Service — kit | 6.5 | - | 2026-04-10 |
| CVE-2026-28542 | Huawei EMUI and Huawei HarmonyOS security vulnerability — HarmonyOS | 7.3 | High | 2026-03-05 |
| CVE-2026-27195 | Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future — wasmtime | 6.8 | - | 2026-02-24 |
| CVE-2026-27586 | Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed — caddy | 8.2 | - | 2026-02-24 |
| CVE-2026-25957 | Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request — cube | 6.5 | Medium | 2026-02-09 |
| CVE-2026-23762 | VB-Audio Voicemeeter & Matrix Drivers DoS via MmMapLockedPagesSpecifyCache — Voicemeeter (Standard) | 6.3 (AI) | Medium (AI) | 2026-01-22 |
| CVE-2026-21906 | Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash — Junos OS | 7.5 | High | 2026-01-15 |
| CVE-2026-0203 | Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart — Junos OS | 6.5 | Medium | 2026-01-15 |
| CVE-2025-69255 | RustFS gRPC GetMetrics deserialization panic enables remote DoS — rustfs | 7.5 | - | 2026-01-07 |
| CVE-2025-66622 | matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values — matrix-rust-sdk | 7.5 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-62711 | Wasmtime vulnerable to segfault when using component resources — wasmtime | 7.5 | - | 2025-10-24 |
| CVE-2025-53702 | DoS vulnerability in Vilar VS-IPC1002 IP cameras — VS-IPC1002 | 5.7 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-9437 | Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability — ArmorStart AOP | 7.5 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-34193 | Vasion Print (formerly PrinterLogic) Insecure Windows Components Lack Modern Memory Protections and Use Outdated Runtimes — Print Virtual Appliance Host | 8.4 | - | 2025-09-19 |
| CVE-2025-10156 | PickleScan Security Bypass via Bad CRC in ZIP Archive — picklescan | 7.8 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-8008 | Rockwell Automation 1756-ENT2R, EN4TR, EN4TRXT Vulnerability — 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT | 7.5 (AI) | High (AI) | 2025-09-09 |
| CVE-2025-58047 | Volto affected by possible DoS by invoking specific URL by anonymous user — volto | 7.5 | High | 2025-08-28 |
| CVE-2025-54634 | Huawei HarmonyOS security vulnerability — HarmonyOS | 8.0 | High | 2025-08-06 |
| CVE-2025-52948 | Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled — Junos OS | 5.9 | Medium | 2025-07-11 |
| CVE-2025-52947 | Junos OS: ACX Series: When 'hot-standby' mode is configured for an L2 circuit, interface flap causes the FEB to crash — Junos OS | 6.5 | Medium | 2025-07-11 |
| CVE-2025-41222 | Siemens multiple products security vulnerability — RUGGEDCOM i800 | 5.3 | Medium | 2025-07-08 |
| CVE-2025-46733 | REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure — optee_os | 7.9 | High | 2025-07-04 |
| CVE-2025-48886 | hydra-node dangerously assumes L1 event finality and does not consider failed transactions — hydra | 4.8 | Medium | 2025-06-19 |
| CVE-2025-4649 | ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. — web | 4.9 | Medium | 2025-05-13 |
| CVE-2025-43864 | React Router allows a DoS via cache poisoning by forcing SPA mode — react-router | 7.5 | High | 2025-04-25 |
| CVE-2025-30652 | Junos OS and Junos OS Evolved: Executing a specific CLI command when asregex-optimized is configured causes an rpd crash — Junos OS | 5.5 | Medium | 2025-04-09 |
| CVE-2025-24478 | 5380/5580 Denial-of-Service Vulnerability — GuardLogix 5580 SIL 3 | 7.5 | - | 2025-01-28 |
| CVE-2024-37284 | Elastic Defend Improper Handling of Alternate Encoding Leads to Crash — Elastic Defend | 5.5 | Medium | 2025-01-21 |
| CVE-2024-11864 | SCP-Firmware Vulnerability — SCP-Firmware | 7.5 | - | 2025-01-14 |

Vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions) represent 158 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.