CWE-755: Improper Handling of Exceptional Conditions

CVE-2021-38003

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following example attempts to resolve a hostname.

Vulnerable example

java

protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {

A DNS lookup failure will cause the Servlet to throw an exception.

The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.

Vulnerable example

foo=malloc(sizeof(char)); //the next line checks to see if malloc failed

Safe example

foo=malloc(sizeof(char)); //the next line checks to see if malloc failed

The following code mistakenly catches a NullPointerException.

Vulnerable example

java

try {

CWE-755: Improper Handling of Exceptional Conditions

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Frequently asked questions

What is CWE-755?

What CVEs are caused by CWE-755?

How is CWE-755 detected?

What are the consequences of CWE-755?

Is CWE-755 actively exploited?

References

Stay ahead of CWE-755

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-755?

What CVEs are caused by CWE-755?

How is CWE-755 detected?

What are the consequences of CWE-755?

Is CWE-755 actively exploited?

References

Stay ahead of CWE-755