CWE-755 (Improper Handling of Exceptional Conditions) — Vulnerability Class 158

158 vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions). AI Chinese analysis included.

CWE-755 represents a critical software weakness where applications fail to properly manage unexpected or exceptional runtime conditions, such as network timeouts, resource exhaustion, or invalid input states. This flaw typically allows attackers to exploit the lack of robust error handling by triggering specific exceptions that cause the system to crash, leak sensitive internal stack traces, or enter an unstable state. By carefully crafting inputs that induce these exceptional conditions, adversaries can achieve denial of service or potentially escalate privileges if the application behaves unpredictably during failure recovery. To mitigate this risk, developers must implement comprehensive exception handling mechanisms that validate inputs, ensure graceful degradation, and log errors securely without exposing internal details. Utilizing defensive programming practices and rigorous testing ensures that the software remains stable and secure even when encountering unforeseen operational anomalies.

MITRE CWE Description
The product does not handle or incorrectly handles an exceptional condition.
Common Consequences (1)
Scope: Other · Impact: Other
Examples (2)
The following example attempts to resolve a hostname.
    protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
        String ip = req.getRemoteAddr();
        InetAddress addr = InetAddress.getByName(ip);
        ...
        out.println("hello " + addr.getHostName());
    }
Bad · Java
The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.
    foo=malloc(sizeof(char));
    //the next line checks to see if malloc failed
    if (foo==NULL) {
        //We do nothing so we just ignore the error.
    }
Bad · C
    foo=malloc(sizeof(char));
    //the next line checks to see if malloc failed
    if (foo==NULL) {
        printf("Malloc failed to allocate memory resources");
        return -1;
    }
Good · C
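The hostname example above is shown only in its bad form. The following is an added example, not MITRE's or this page's code: the same greeting in C with every lookup failure handled, so the caller gets a fixed reply and the detail stays in the server log. The names `build_greeting`, `reverse_lookup`, `stub_ok` and `stub_fail`, and the fallback text, are assumptions made for illustration.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Resolver signature, injectable so the failure path can be exercised offline. */
typedef int (*resolve_fn)(const char *ip, char *host, size_t hostlen);

/* Real reverse lookup: 0 on success, non-zero on any failure. */
static int reverse_lookup(const char *ip, char *host, size_t hostlen)
{
    struct addrinfo hints = {0}, *ai = NULL;
    hints.ai_family = AF_UNSPEC;
    hints.ai_flags = AI_NUMERICHOST;   /* parse the literal only, no DNS query */
    if (getaddrinfo(ip, NULL, &hints, &ai) != 0)
        return -1;                     /* input was not an IP literal */
    int rc = getnameinfo(ai->ai_addr, ai->ai_addrlen, host,
                         (socklen_t)hostlen, NULL, 0, NI_NAMEREQD);
    freeaddrinfo(ai);                  /* released on success and on failure */
    return rc;
}

/* Constructed stubs standing in for a resolver that succeeds or times out. */
int stub_ok(const char *ip, char *h, size_t n) { (void)ip; snprintf(h, n, "host.example"); return 0; }
int stub_fail(const char *ip, char *h, size_t n) { (void)ip; (void)h; (void)n; return EAI_AGAIN; }

/* Returns 0 with the resolved name, 1 when degraded, -1 on bad arguments. */
int build_greeting(const char *ip, resolve_fn resolve, char *out, size_t outlen)
{
    char host[256] = "";
    if (!ip || !resolve || !out || outlen == 0)
        return -1;
    if (resolve(ip, host, sizeof host) == 0 && host[0] != '\0') {
        snprintf(out, outlen, "hello %s", host);
        return 0;
    }
    /* Lookup failed: record it server-side, send a fixed reply, keep serving. */
    fprintf(stderr, "reverse lookup failed for peer\n");
    snprintf(out, outlen, "hello client");
    return 1;
}

int main(void)
{
    char msg[300];
    int rc = build_greeting("not-an-ip", reverse_lookup, msg, sizeof msg);
    printf("%d: %s\n", rc, msg);
    return 0;
}
```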
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-11863 | SCP-Firmware Vulnerability — SCP-Firmware | 7.5 | - | 2025-01-14 |
| CVE-2025-21602 | Junos OS and Junos OS Evolved: Receipt of specially crafted BGP update packet causes RPD crash — Junos OS | 6.5 | Medium | 2025-01-09 |
| CVE-2025-21596 | Junos OS: SRX1500,SRX4100,SRX4200: Execution of low-privileged CLI command results in chassisd crash — Junos OS | 5.5 | Medium | 2025-01-09 |
| CVE-2024-41886 | Improper Input Validation — XRN-420S | 7.2 | - | 2024-12-24 |
| CVE-2024-12236 | Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration — Vertex Gemini API | 7.5 | - | 2024-12-10 |
| CVE-2024-52529 | Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium — cilium | 5.8 | Medium | 2024-11-25 |
| CVE-2024-51766 | HPE NonStop DISK UTIL, Local Denial of Service vulnerability — HPE NonStop DISK UTIL | 6.5 | Medium | 2024-11-22 |
| CVE-2024-9413 | ARM SCP-Firmware security vulnerability — SCP-Firmware | 8.8 (AI) | High (AI) | 2024-11-13 |
| CVE-2024-51502 | Panic Vulnerability in loona-hpack — loona | 9.8 (AI) | Critical (AI) | 2024-11-04 |
| CVE-2024-51744 | Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt — jwt | 3.1 | Low | 2024-11-04 |
| CVE-2024-47491 | Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP path attribute leads to an RPD crash — Junos OS | 5.9 | Medium | 2024-10-11 |
| CVE-2024-47489 | Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE — Junos OS Evolved | 5.8 | Medium | 2024-10-11 |
| CVE-2024-39547 | Junos OS and Junos OS Evolved: cRPD: Receipt of crafted TCP traffic can trigger high CPU utilization — Junos OS | 7.5 | High | 2024-10-11 |
| CVE-2024-39526 | Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11/LC9600, MX304, EX9200, PTX Series: Receipt of malformed DHCP packets causes interfaces to stop processing packets — Junos OS | 6.5 | Medium | 2024-10-11 |
| CVE-2024-39525 | Junos OS and Junos OS Evolved: When BGP traceoptions is enabled, receipt of specially crafted BGP packet causes RPD crash — Junos OS | 7.5 | High | 2024-10-09 |
| CVE-2024-47609 | Remotely exploitable DoS in Tonic `<=v0.12.2` — tonic | 7.5 | - | 2024-10-01 |
| CVE-2024-6594 | WatchGuard Firebox Single Sign-On Client Denial-of-Service — Single Sign-On Client | 7.5 | High | 2024-09-25 |
| CVE-2024-45038 | Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware — firmware | 7.5 | High | 2024-08-27 |
| CVE-2024-0108 | NVIDIA Jetson security vulnerability — NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson TX1, Jetson Nano series | 8.7 | High | 2024-08-08 |
| CVE-2024-39552 | Junos OS and Junos OS Evolved: Malformed BGP UPDATE causes RPD crash — Junos OS | 7.5 | High | 2024-07-11 |
| CVE-2024-39541 | Junos OS and Junos OS Evolved: Inconsistent information in the TE database can lead to an rpd crash — Junos OS | 6.5 | Medium | 2024-07-11 |
| CVE-2024-39560 | Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash — Junos OS | 6.5 | Medium | 2024-07-10 |
| CVE-2024-39555 | Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset — Junos OS | 7.5 | High | 2024-07-10 |
| CVE-2024-34750 | Apache Tomcat: HTTP/2 excess header handling DoS — Apache Tomcat | 5.3 (AI) | Medium (AI) | 2024-07-03 |
| CVE-2024-3150 | Privilege Escalation in mintplex-labs/anything-llm — mintplex-labs/anything-llm | 8.8 (AI) | High (AI) | 2024-06-06 |
| CVE-2023-50212 | D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability — G416 | 6.5 | - | 2024-05-03 |
| CVE-2024-32652 | @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed — node-server | 7.5 | High | 2024-04-19 |
| CVE-2024-30380 | Junos OS and Junos OS Evolved: l2cpd crash upon receipt of a specific TLV — Junos OS | 6.5 | Medium | 2024-04-16 |
| CVE-2024-28869 | Possible denial of service vulnerability with Content-length header in Traefik — traefik | 7.5 | High | 2024-04-12 |
| CVE-2024-30382 | Junos OS and Junos OS Evolved: RPD crash when CoS-based forwarding (CBF) policy is configured — Junos OS | 7.5 | High | 2024-04-12 |

Vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions) account for 158 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.