The product does not handle or incorrectly handles an exceptional condition.
View on MITRENo mitigation information available for this CWE.
No detection method information available for this CWE.
The following example attempts to resolve a hostname.
A DNS lookup failure will cause the Servlet to throw an exception.
The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.
The conditional successfully detects a NULL return value from malloc indicating a failure, however it does not do anything to handle the problem. Unhandled errors may have unexpected results and may cause the program to crash or terminate.
The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.
The conditional successfully detects a NULL return value from malloc indicating a failure, however it does not do anything to handle the problem. Unhandled errors may have unexpected results and may cause the program to crash or terminate.
The following code mistakenly catches a NullPointerException.
SDK for OPC Unified Architecture (OPC UA) server has uncaught exception when a socket is blocked for writing but the server tries to send an error
View DetailsChain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)
View Detailsvirtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code
View DetailsChain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
View DetailsCWE-755: Improper Handling of Exceptional Conditions is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not handle or incorrectly handles an exceptional condition.
If exploited, CWE-755 (Improper Handling of Exceptional Conditions) it can compromise Other, leading to outcomes such as Other.
CWE-755 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-755, including CVE-2023-41151, [REF-1374], CVE-2021-3011 and CVE-2008-4302. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-755 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.