
CWE-755 (Improper Handling of Exceptional Conditions) — Vulnerability Class 158

158 vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions). AI Chinese analysis included.

CWE-755 is a broad weakness class: the product does not handle, or incorrectly handles, an exceptional condition at runtime, such as a network timeout, a failed allocation or lookup, resource exhaustion, or input that drives the code into a state it did not anticipate. The usual exploit path is for an attacker to provoke such a condition deliberately with crafted input or traffic and then benefit from what happens next: an uncaught exception or unchecked NULL pointer that crashes a process or daemon (denial of service, the most common outcome among the CVEs listed below), an error page that leaks a stack trace or internal paths, a half-completed operation that leaves state inconsistent, or a security check that "fails open" because an error return is treated as success (for example, a login that succeeds when the authentication backend is misconfigured). The mitigation is to handle every error path explicitly: check every return value and catch every exception that can actually occur, fail closed on security decisions, release resources acquired before the failure, and log the detail internally while returning only a generic message to the caller. Fault injection, forcing allocations, lookups and I/O to fail under test, is the most reliable way to confirm that those paths really work.
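The fail-open case described above, as an added example that is not part of the CWE entry or of any CVE listed on this page: a C authorization check whose role lookup can fail. The names (lookup_role, is_admin, authorize_admin_bad, authorize_admin_good), the two-user store and the simulated backend outage are all hypothetical. The vulnerable variant treats the lookup's -1 error return as a truthy "is admin" answer; the hardened variant grants only on an explicit positive result, writes the failure detail to the server-side audit log, and returns a generic denial to the caller.

```c
/*
 * Added example (not from MITRE CWE-755 or any listed CVE): an authorization
 * decision that depends on a backend lookup which can fail.  All names here
 * (lookup_role, is_admin, authorize_*) are hypothetical.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum role { ROLE_NONE = 0, ROLE_USER = 1, ROLE_ADMIN = 2 };

/* Simulated backend outage: the exceptional condition an attacker may be able
 * to provoke (misconfiguration, exhausted connection pool, timeout). */
static int backend_down = 0;
static int set_backend_down(int down) { backend_down = down; return down; }

/* Hypothetical user store.  Returns 0 and fills *out on success, -1 on error. */
static int lookup_role(const char *user, enum role *out)
{
    if (backend_down) {
        errno = EIO;
        return -1;
    }
    if (strcmp(user, "alice") == 0) { *out = ROLE_ADMIN; return 0; }
    if (strcmp(user, "bob") == 0)   { *out = ROLE_USER;  return 0; }
    *out = ROLE_NONE;
    return 0;
}

/* Tri-state result: 1 = admin, 0 = not admin, -1 = could not determine. */
static int is_admin(const char *user)
{
    enum role r = ROLE_NONE;
    if (lookup_role(user, &r) != 0)
        return -1;
    return r == ROLE_ADMIN;
}

/* BAD: "truthy" test.  -1 (the error case) is non-zero, so a backend failure
 * grants admin access: the check fails open. */
static int authorize_admin_bad(const char *user)
{
    return is_admin(user) ? 1 : 0;
}

/* Message the caller would see; kept generic so no internal detail leaks. */
static char last_client_msg[64];
static const char *client_message(void) { return last_client_msg; }

/* GOOD: only an explicit positive answer grants.  The error case is logged
 * with full detail on the server side and denied with a generic message. */
static int authorize_admin_good(const char *user)
{
    int rc = is_admin(user);
    if (rc < 0) {
        fprintf(stderr, "audit: role lookup failed for user=%s: %s\n",
                user, strerror(errno));
        snprintf(last_client_msg, sizeof last_client_msg, "access denied");
        return 0;
    }
    snprintf(last_client_msg, sizeof last_client_msg,
             rc == 1 ? "ok" : "access denied");
    return rc == 1;
}

int main(void)
{
    set_backend_down(0);
    printf("backend up:   bad(alice)=%d bad(bob)=%d\n",
           authorize_admin_bad("alice"), authorize_admin_bad("bob"));
    set_backend_down(1);
    printf("backend down: bad(bob)=%d good(bob)=%d (%s)\n",
           authorize_admin_bad("bob"), authorize_admin_good("bob"),
           client_message());
    return 0;
}
```

With the backend up both variants agree; with it down, authorize_admin_bad grants "bob" admin access while authorize_admin_good denies and logs. The pattern generalizes to any API that multiplexes an error code into its boolean result: compare against the one value that means "yes", never against "not no".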

MITRE CWE Description
The product does not handle or incorrectly handles an exceptional condition.
Common Consequences (1)
Scope: Other · Impact: Other
Examples (2)
The following example attempts to resolve a hostname. InetAddress.getByName() throws UnknownHostException when the lookup fails, and nothing here catches it: because UnknownHostException is an IOException, the throws clause lets it propagate out of doPost(), and the container turns the request into a generic server error, in many default configurations with a stack trace in the response.

    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        String ip = req.getRemoteAddr();
        InetAddress addr = InetAddress.getByName(ip);   // may throw UnknownHostException; not handled
        ...
        out.println("hello " + addr.getHostName());
    }

Bad · Java

The following example attempts to allocate memory for a character. After the call to malloc, an if statement checks whether malloc failed, but the body of the check is empty, so the NULL pointer is left in foo and is dereferenced by whatever code uses it next.

    #include <stdlib.h>

    char *foo = malloc(sizeof(char));
    /* the next line checks to see if malloc failed */
    if (foo == NULL) {
        /* We do nothing so we just ignore the error. */
    }

Bad · C

The corrected version reports the failure and returns an error code to the caller instead of continuing with a NULL pointer:

    #include <stdio.h>
    #include <stdlib.h>

    char *foo = malloc(sizeof(char));
    /* the next line checks to see if malloc failed */
    if (foo == NULL) {
        printf("Malloc failed to allocate memory resources");
        return -1;
    }

Good · C
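To show why the empty if body matters in practice, here is an added example (not MITRE's code) that extends the page's malloc check to a routine acquiring two buffers, and wraps malloc in a fault-injecting allocator so the failure path can be exercised rather than assumed. test_malloc, test_free, struct record, g_rec and the record_* functions are hypothetical names introduced for this illustration; the live-allocation counter exists only to make a leak on the error path visible.

```c
/*
 * Added example (not MITRE's code): the page's malloc check extended to a
 * function that acquires two buffers, plus a fault-injecting allocator so the
 * failure path can actually be run.  test_malloc/test_free, struct record and
 * the record_* functions are hypothetical names.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fault injection: fail the Nth allocation call (1-based); 0 = never fail.
 * live_allocs counts outstanding blocks so a leak on the error path shows up. */
static int fail_on_call = 0;
static int call_count   = 0;
static int live_allocs  = 0;

static int reset_fault(int nth_call) { fail_on_call = nth_call; call_count = 0; return nth_call; }
static int outstanding(void) { return live_allocs; }

static void *test_malloc(size_t n)
{
    call_count++;
    if (fail_on_call != 0 && call_count == fail_on_call)
        return NULL;                       /* simulated memory exhaustion */
    void *p = malloc(n);
    if (p != NULL)
        live_allocs++;
    return p;
}

static void test_free(void *p)
{
    if (p != NULL) {
        live_allocs--;
        free(p);
    }
}

struct record { char *name; char *value; };
static struct record g_rec;                /* shared instance for the demo */

/* BAD: same shape as the page's first snippet.  The NULL check is present but
 * empty, so the copy that follows writes through a null pointer and the process
 * crashes: a denial of service for anyone who can drive memory use up.  Only
 * survives when allocation happens not to fail. */
static int record_init_bad(struct record *r, const char *name, const char *value)
{
    r->name = test_malloc(strlen(name) + 1);
    if (r->name == NULL) {
        /* we do nothing, so we just ignore the error */
    }
    memcpy(r->name, name, strlen(name) + 1);
    r->value = test_malloc(strlen(value) + 1);
    memcpy(r->value, value, strlen(value) + 1);   /* second allocation not checked at all */
    return 0;
}

/* GOOD: every allocation is checked, the failure is reported, and whatever was
 * acquired before the failure is released so the caller gets a clean -1 and
 * a record with no dangling pointers. */
static int record_init_good(struct record *r, const char *name, const char *value)
{
    r->name = NULL;
    r->value = NULL;

    r->name = test_malloc(strlen(name) + 1);
    if (r->name == NULL)
        goto fail;
    memcpy(r->name, name, strlen(name) + 1);

    r->value = test_malloc(strlen(value) + 1);
    if (r->value == NULL)
        goto fail;
    memcpy(r->value, value, strlen(value) + 1);
    return 0;

fail:
    fprintf(stderr, "record_init: malloc failed to allocate memory resources\n");
    test_free(r->name);                    /* test_free tolerates NULL */
    test_free(r->value);
    r->name = NULL;
    r->value = NULL;
    return -1;
}

/* Releases both buffers; returns the number of blocks still outstanding. */
static int record_destroy(struct record *r)
{
    test_free(r->name);
    test_free(r->value);
    r->name = NULL;
    r->value = NULL;
    return live_allocs;
}

int main(void)
{
    reset_fault(0);
    printf("no fault:    rc=%d live=%d\n",
           record_init_good(&g_rec, "host", "example.test"), outstanding());
    record_destroy(&g_rec);

    reset_fault(2);                        /* second malloc fails */
    printf("fault on #2: rc=%d live=%d (first buffer released)\n",
           record_init_good(&g_rec, "host", "example.test"), outstanding());
    return 0;
}
```

Build with `cc -Wall example.c`. The point of the wrapper is that the error branch gets executed every time the tests run; a check that is never exercised is exactly where the "we do nothing" body survives.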
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-28631 | Attacker controlled data in AST nodes is not validated in comrak | comrak | 5.3 | Medium | 2023-03-28 |
| CVE-2022-23121 | Netatalk security vulnerability | Netatalk | 9.8 | - | 2023-03-28 |
| CVE-2023-27595 | Cilium eBPF filters may be temporarily removed during agent restart | cilium | 6.5 | Medium | 2023-03-17 |
| CVE-2022-45155 | obs-service-go_modules: arbitrary directory delete | openSUSE Factory | 5.5 | Medium | 2023-03-15 |
| CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | xwiki-platform | 6.5 | Medium | 2023-03-02 |
| CVE-2021-4105 | Unauthenticated Remote Code Execution on COSLAT Firewall | COSLAT Firewall | 9.8 | Critical | 2023-02-24 |
| CVE-2023-25561 | Login fail open on JAAS misconfiguration in DataHub | datahub | 5.7 | Medium | 2023-02-10 |
| CVE-2022-39380 | wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering | wire-webapp | 5.3 | Medium | 2023-01-27 |
| CVE-2023-22391 | Junos OS: ACX2K Series: Receipt of a high rate of specific traffic will lead to a Denial of Service (DoS) | Junos OS | 7.5 | High | 2023-01-12 |
| CVE-2022-23495 | ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag | go-merkledag | 7.5 | High | 2022-12-08 |
| CVE-2022-23496 | A crafted list can trigger an ArrayIndexOutOfBoundsException in Yauaa | yauaa | 7.5 | High | 2022-12-08 |
| CVE-2022-20920 | Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability | Cisco IOS | 7.7 | High | 2022-10-10 |
| CVE-2022-35295 | SAP BusinessObjects Business Intelligence Platform information disclosure vulnerability | SAP Host Agent (SAPOSCOL) | 7.2 | - | 2022-09-13 |
| CVE-2022-36031 | Unhandled exception on illegal filename_disk value | directus | 6.5 | Medium | 2022-08-19 |
| CVE-2022-22202 | Junos OS: PTX Series: FPCs may restart unexpectedly upon receipt of specific MPLS packets with certain multi-unit interface configurations | Junos OS | 6.5 | Medium | 2022-07-20 |
| CVE-2022-1965 | CODESYS runtime system prone to file deletion due to improper error handling | Runtime Toolkit | 8.1 | High | 2022-06-24 |
| CVE-2022-29617 | Contributor License Agreement assistant security vulnerability | CLA Assistant | 6.5 | - | 2022-06-06 |
| CVE-2021-40402 | Gerbv buffer error vulnerability | Gerbv | 7.5 | - | 2022-04-14 |
| CVE-2022-0023 | PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy | PAN-OS | 5.9 | Medium | 2022-04-13 |
| CVE-2022-23161 | Dell Technologies Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 7.5 | High | 2022-04-12 |
| CVE-2020-25691 | darkhttpd security vulnerability | darkhttpd | 7.5 | - | 2022-04-01 |
| CVE-2022-23625 | DoS vulnerability: Malformed Resource Identifiers | wire-ios | 6.5 | Medium | 2022-03-11 |
| CVE-2021-22285 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module | SPIET800 | 7.5 | High | 2022-02-04 |
| CVE-2022-0264 | Linux kernel information disclosure vulnerability | kernel | 3.3 | - | 2022-02-04 |
| CVE-2022-23018 | F5 BIG-IP AFM security vulnerability | BIG-IP AFM | 7.5 | - | 2022-01-25 |
| CVE-2022-22174 | Junos OS: QFX5000 Series, EX4600: Device may run out of memory, causing traffic loss, upon receipt of specific IPv6 packets | Junos OS | 7.5 | High | 2022-01-19 |
| CVE-2022-21667 | Denial of Service in soketi | soketi | 7.5 | High | 2022-01-07 |
| CVE-2021-43827 | Inline footnotes wrapped in <a> tags can cause errors in discourse-footnotes | discourse-footnote | 4.3 | Medium | 2021-12-14 |
| CVE-2021-3063 | PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces | PAN-OS | 7.5 | High | 2021-11-10 |
| CVE-2021-43173 | Hanging RRDP request | Routinator | 7.5 | - | 2021-11-09 |

Vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions) represent 158 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.