CWE-755 (Improper Handling of Exceptional Conditions) — Vulnerability Class 158

158 vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions). AI Chinese analysis included.

CWE-755 represents a critical software weakness where applications fail to properly manage unexpected or exceptional runtime conditions, such as network timeouts, resource exhaustion, or invalid input states. This flaw typically allows attackers to exploit the lack of robust error handling by triggering specific exceptions that cause the system to crash, leak sensitive internal stack traces, or enter an unstable state. By carefully crafting inputs that induce these exceptional conditions, adversaries can achieve denial of service or potentially escalate privileges if the application behaves unpredictably during failure recovery. To mitigate this risk, developers must implement comprehensive exception handling mechanisms that validate inputs, ensure graceful degradation, and log errors securely without exposing internal details. Utilizing defensive programming practices and rigorous testing ensures that the software remains stable and secure even when encountering unforeseen operational anomalies.

MITRE CWE Description
The product does not handle or incorrectly handles an exceptional condition.
Common Consequences (1)
Other
Examples (2)
The following example attempts to resolve a hostname.
protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
    String ip = req.getRemoteAddr();
    // getByName() can throw UnknownHostException; nothing here handles it
    InetAddress addr = InetAddress.getByName(ip);
    ...
    out.println("hello " + addr.getHostName());
}
Bad · Java
The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.
foo = malloc(sizeof(char));
// the next line checks to see if malloc failed
if (foo == NULL) {
    // We do nothing so we just ignore the error.
}
Bad · C
foo = malloc(sizeof(char));
// the next line checks to see if malloc failed
if (foo == NULL) {
    printf("Malloc failed to allocate memory resources");
    return -1;
}
Good · C
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-21610 | Junos OS: If in a scaled CoS scenario information on CoS state is gathered mgd processes get stuck | Junos OS | 4.3 | Medium | 2024-04-12
CVE-2024-32001 | SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used | spicedb | 2.2 | Low | 2024-04-10
CVE-2023-42509 | JFrog Artifactory Sensitive Data Leakage in Repository configuration process | Artifactory | 6.6 | Medium | 2024-03-07
CVE-2023-4537 | Protocol Downgrade in Comarch ERP XL | ERP XL | 7.4 | High | 2024-02-15
CVE-2024-23325 | Envoy crashes when using an address type that isn't supported by the OS | envoy | 7.5 | High | 2024-02-09
CVE-2023-6267 | Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations. | Red Hat build of Quarkus 2.13.9.Final | 8.6 | High | 2024-01-25
CVE-2024-21587 | Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP subscribers is enabled | Junos OS | 6.5 | Medium | 2024-01-12
CVE-2024-21585 | Junos OS and Junos OS Evolved: BGP session flaps on NSR-enabled devices can cause rpd crash | Junos OS | 5.9 | Medium | 2024-01-12
CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability | Windows 10 Version 1809 | 5.5 | Medium | 2024-01-09
CVE-2024-21907 | Improper Handling of Exceptional Conditions in Newtonsoft.Json | | 7.5 (AI) | High (AI) | 2024-01-03
CVE-2023-52075 | ReVanced API vulnerable to Denial of Service due to lack of error caching | revanced-api | 7.5 | High | 2023-12-27
CVE-2023-50728 | Unauthenticated Denial of Service in the octokit/webhooks library | webhooks.js | 5.4 | Medium | 2023-12-15
CVE-2023-25644 | Denial of Service Vulnerability in Some ZTE Mobile Internet Products | MC801A | 6.5 | Medium | 2023-12-14
CVE-2023-46673 | Elasticsearch security vulnerability | Elasticsearch | 6.5 | Medium | 2023-11-22
CVE-2023-48232 | Floating point Exception in adjust_plines_for_skipcol() in vim | vim | 3.9 | Low | 2023-11-16
CVE-2023-5090 | Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs | Red Hat Enterprise Linux 8 | 6.0 | Medium | 2023-11-06
CVE-2023-5824 | Squid: dos against http and https | Red Hat Enterprise Linux 8 | 7.5 | High | 2023-11-03
CVE-2023-45820 | Directus crashes on invalid WebSocket message | directus | 5.9 | Medium | 2023-10-19
CVE-2023-44186 | Junos OS and Junos OS Evolved: RPD crash when attempting to send a very long AS PATH to a non-4-byte-AS capable BGP neighbor | Junos OS | 7.5 | High | 2023-10-11
CVE-2023-41085 | BIG-IP IPSEC vulnerability | BIG-IP | 7.5 | High | 2023-10-10
CVE-2023-41332 | Denial of service via Kubernetes annotations in specific Cilium configurations | cilium | 3.5 | Low | 2023-09-26
CVE-2023-3280 | Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent | 5.5 | Medium | 2023-09-13
CVE-2023-41317 | Unnamed "Subscription" operation results in Denial-of-Service in apollographql/router | router | 7.5 | High | 2023-09-05
CVE-2023-4540 | DoS in lua-http library | lua-http | 7.5 | - | 2023-09-05
CVE-2023-40184 | Improper handling of session establishment errors in xrdp | xrdp | 2.6 | Low | 2023-08-30
CVE-2023-28768 | Zyxel XGS2220-30 security vulnerability | XGS2220-30 firmware | 6.5 | Medium | 2023-08-14
CVE-2023-38419 | BIG-IP and BIG-IQ iControl SOAP vulnerability | BIG-IP | 4.3 | Medium | 2023-08-02
CVE-2023-36832 | Junos OS: MX Series: PFE crash upon receipt of specific packet destined to an AMS interface | Junos OS | 7.5 | High | 2023-07-14
CVE-2023-1695 | Huawei HarmonyOS security vulnerability | HarmonyOS | 7.5 | - | 2023-07-06
CVE-2023-24510 | On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | Arista EOS | 7.5 | High | 2023-06-05

Vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions) represent 158 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.