CWE-755: Improper Handling of Exceptional Conditions
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not handle or incorrectly handles an exceptional condition.
常见后果
影响范围: Other
技术影响: Other
观察示例
参考: CVE-2023-41151
SDK for OPC Unified Architecture (OPC UA) server has uncaught exception when a socket is blocked for writing but the server tries to send an error
参考: [REF-1374]
Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)
参考: CVE-2021-3011
virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code
参考: CVE-2008-4302
Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |