CWE-755 (Improper Handling of Exceptional Conditions) — Vulnerability Class 158

158 vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions). AI Chinese analysis included.

CWE-755 represents a critical software weakness where applications fail to properly manage unexpected or exceptional runtime conditions, such as network timeouts, resource exhaustion, or invalid input states. This flaw typically allows attackers to exploit the lack of robust error handling by triggering specific exceptions that cause the system to crash, leak sensitive internal stack traces, or enter an unstable state. By carefully crafting inputs that induce these exceptional conditions, adversaries can achieve denial of service or potentially escalate privileges if the application behaves unpredictably during failure recovery. To mitigate this risk, developers must implement comprehensive exception handling mechanisms that validate inputs, ensure graceful degradation, and log errors securely without exposing internal details. Utilizing defensive programming practices and rigorous testing ensures that the software remains stable and secure even when encountering unforeseen operational anomalies.

MITRE CWE Description
The product does not handle or incorrectly handles an exceptional condition.
Common Consequences (1)
Scope: Other; Impact: Other
Examples (2)
The following example attempts to resolve a hostname.
    protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
        String ip = req.getRemoteAddr();
        InetAddress addr = InetAddress.getByName(ip);
        ...
        out.println("hello " + addr.getHostName());
    }
Bad · Java
The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.
    foo=malloc(sizeof(char));
    //the next line checks to see if malloc failed
    if (foo==NULL) {
        //We do nothing so we just ignore the error.
    }
Bad · C
    foo=malloc(sizeof(char));
    //the next line checks to see if malloc failed
    if (foo==NULL) {
        printf("Malloc failed to allocate memory resources");
        return -1;
    }
Good · C
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-34593 | CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service — CODESYS V2 | 7.5 | High | 2021-10-26 |
| CVE-2021-31353 | Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update — Junos OS | 7.5 | High | 2021-10-19 |
| CVE-2021-0299 | Junos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet — Junos OS | 7.5 | High | 2021-10-19 |
| CVE-2021-0297 | Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication — Junos OS Evolved | 6.5 | Medium | 2021-10-19 |
| CVE-2021-25474 | Samsung SMR security vulnerability — Samsung Mobile Devices | 4.4 | Medium | 2021-10-06 |
| CVE-2021-25473 | Samsung SMR security vulnerability — Samsung Mobile Devices | 4.4 | Medium | 2021-10-06 |
| CVE-2021-32999 | AVEVA SuiteLink Server Improper Handling of Exceptional Conditions — AVEVA System Platform 2020 | 7.5 | High | 2021-09-23 |
| CVE-2021-3053 | PAN-OS: Exceptional Condition Denial-of-Service (DoS) — PAN-OS | 7.5 | High | 2021-09-08 |
| CVE-2021-39157 | Improper Handling of Exceptional Conditions in detect-character-encoding — detect-character-encoding | 7.5 | High | 2021-08-24 |
| CVE-2021-21592 | DELL EMC PowerScale security vulnerability — PowerScale OneFS | 3.1 | Low | 2021-08-16 |
| CVE-2021-0290 | Junos OS: MX Series, EX9200 Series, SRX4600: Ethernet interface vulnerable to specially crafted frames — Junos OS | 6.5 | Medium | 2021-07-15 |
| CVE-2021-29617 | Crash in `tf.strings.substr` due to `CHECK`-fail — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29618 | Crash in `tf.transpose` with complex inputs — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-29619 | Segfault in `tf.raw_ops.SparseCountSparseOutput` — tensorflow | 2.5 | Low | 2021-05-14 |
| CVE-2021-25662 | Siemens SIMATIC WinCC security vulnerability — SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) | 7.5 | - | 2021-05-12 |
| CVE-2021-0259 | Junos OS and Junos OS Evolved: QFX5K Series: Underlay network traffic might not be processed upon receipt of high rate of specific genuine overlay packets in VXLAN scenario — Junos OS | 7.4 | High | 2021-04-22 |
| CVE-2021-23886 | Local Denial of Service in McAfee DLP Endpoint for Windows — McAfee Data Loss Prevention (DLP) Endpoint for Windows | 5.5 | Medium | 2021-04-15 |
| CVE-2020-25236 | Siemens LOGO! 8 BM security vulnerability — LOGO! 12/24RCE | 5.5 | Medium | 2021-03-15 |
| CVE-2020-2020 | Cortex XDR Agent: Exceptional condition denial-of-service (DoS) — Cortex XDR Agent | 5.5 | Medium | 2020-12-09 |
| CVE-2020-7926 | Specific query can cause a DoS against MongoDB Server — MongoDB Server | 6.5 | Medium | 2020-11-23 |
| CVE-2020-1681 | Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service — Junos OS Evolved | 6.5 | Medium | 2020-10-16 |
| CVE-2020-5387 | Dell XPS 13 9370 security vulnerability — CPG BIOS | 2.3 | Low | 2020-10-01 |
| CVE-2020-15223 | Ignored storage errors on token revokation in ORY Fosite — fosite | 8.0 | High | 2020-09-24 |
| CVE-2020-7923 | Specific GeoQuery can cause DoS against MongoDB Server — MongoDB Server | 6.5 | Medium | 2020-08-21 |
| CVE-2020-15701 | Unhandled exception in apport — apport | 5.5 | Medium | 2020-08-06 |
| CVE-2020-1643 | Junos OS: EX Series: RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured — Junos OS | 5.5 | Medium | 2020-07-17 |
| CVE-2020-15117 | Denial of Service in Synergy — synergy-core | 6.5 | Medium | 2020-07-15 |
| CVE-2020-1744 | Red Hat Keycloak information disclosure vulnerability — keycloak | 5.6 | Medium | 2020-03-24 |
| CVE-2019-10222 | Red Hat Ceph resource management error vulnerability — ceph | 7.5 | - | 2019-11-08 |
| CVE-2019-6848 | Schneider Electric multiple products input validation error vulnerability — Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info) | 8.6 | - | 2019-10-29 |

Vulnerabilities classified as CWE-755 (Improper Handling of Exceptional Conditions) represent 158 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.