The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
View on MITRENo mitigation information available for this CWE.
According to SOAR [REF-1479], the following detection techniques may be useful: Highly cost effective: Fault Injection - source code Fault Injection - binary Cost effective for partial coverage: Forced Path Execution
According to SOAR [REF-1479], the following detection techniques may be useful: Highly cost effective: Manual Source Code Review (not inspections) Cost effective for partial coverage: Focused Manual Spotcheck - Focused manual analysis of source
According to SOAR [REF-1479], the following detection techniques may be useful: Highly cost effective: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.) Formal Methods / Correct-By-Construction
Consider the following code segment:
The programmer expects that when fgets() returns, buf will contain a null-terminated string of length 9 or less. But if an I/O error occurs, fgets() will not null-terminate buf. Furthermore, if the end of the file is reached before any characters are read, fgets() returns without writing anything to buf. In both of these situations, fgets() signals that something unusual has happened by returning NULL, but in this code, the warning will not be noticed. The lack of a null terminator in buf can result in a buffer overflow in the subsequent call to strcpy().
The following method throws three types of exceptions.
While it might seem tidier to write
The following method throws three types of exceptions.
While it might seem tidier to write
Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)
View DetailsChain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)
View DetailsNo relationship information available for this CWE.
CWE-703: Improper Check or Handling of Exceptional Conditions is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
If exploited, CWE-703 (Improper Check or Handling of Exceptional Conditions) it can compromise Confidentiality, Availability and Integrity, leading to outcomes such as Read Application Data, DoS: Crash, Exit, or Restart and Unexpected State.
CWE-703 can be detected using Dynamic Analysis with Manual Results Interpretation, Manual Static Analysis - Source Code and Architecture or Design Review. Combining automated tooling with manual review typically yields the best coverage.
CWE-703 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-703, including [REF-1374] and CVE-2022-22224. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-703 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.