CWE-703: Improper Check or Handling of Exceptional Conditions
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Common Consequences
Scope: Confidentiality, Availability, Integrity
Technical Impact: Read Application Data; DoS: Crash, Exit, or Restart; Unexpected State
Detection Methods
Method: Dynamic Analysis with Manual Results Interpretation
Effectiveness: High
Method: Manual Static Analysis - Source Code
Effectiveness: High
Method: Automated Static Analysis - Source Code
Effectiveness: SOAR Partial
Method: Architecture or Design Review
Effectiveness: High
Observed Examples
Reference: [REF-1374]
Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)
Reference: CVE-2022-22224
Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)
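The first observed example (a silent fallback to Math.random() instead of reporting a failure) set beside a fail-closed version, as an added JavaScript example that is not code from the affected library. All function and class names are hypothetical, and the broken providers are constructed stand-ins for an environment without a working CSPRNG.

```javascript
// Added illustration; RandomSourceError, fallbackRandomBytes,
// strictRandomBytes and outcome are hypothetical names.
class RandomSourceError extends Error {}

// Anti-pattern from the observed example: when the CSPRNG is missing or
// throws, substitute Math.random() and carry on without reporting (CWE-392).
function fallbackRandomBytes(n, provider) {
  const out = new Uint8Array(n);
  try {
    provider.getRandomValues(out);
  } catch (_) {
    for (let i = 0; i < n; i++) out[i] = Math.floor(Math.random() * 256);
  }
  return out;
}

// Fail-closed form: every exceptional condition is surfaced to the caller,
// so key generation stops instead of continuing with weak entropy.
function strictRandomBytes(n, provider) {
  if (!Number.isInteger(n) || n <= 0 || n > 65536) {
    throw new RangeError("byte count must be an integer in 1..65536");
  }
  if (!provider || typeof provider.getRandomValues !== "function") {
    throw new RandomSourceError("no CSPRNG available; refusing to continue");
  }
  const out = new Uint8Array(n);
  try {
    provider.getRandomValues(out);
  } catch (err) {
    throw new RandomSourceError("CSPRNG failed: " + err.message);
  }
  return out;
}

// Constructed stand-ins for a broken environment.
const missingProvider = undefined;
const failingProvider = {
  getRandomValues() { throw new Error("entropy source unavailable"); },
};

// Summarises what a caller observes: bytes returned, or the error type.
function outcome(fn, provider) {
  try { return "bytes:" + fn(16, provider).length; }
  catch (err) { return "error:" + err.constructor.name; }
}

console.log(outcome(fallbackRandomBytes, failingProvider));
console.log(outcome(strictRandomBytes, failingProvider));
```

The fallback variant returns 16 bytes in both broken environments, so nothing downstream can tell that the key material is weak; the strict variant raises an error the caller has to handle.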
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Operation | - |
Applicable Platforms
Programming Languages
Technologies
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | ERR06-J | Do not throw undeclared checked exceptions | - |
Key Information
CWE ID: CWE-703
Abstraction: Pillar
Structure: Simple
Status: Incomplete