CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
685 vulnerabilities reference this CWE, most recent first.
GHSA-P3R4-F5WW-GWF6
Vulnerability from github – Published: 2025-09-09 15:31 – Updated: 2025-09-17 18:31A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.
{
"affected": [],
"aliases": [
"CVE-2025-8008"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T13:15:32Z",
"severity": "HIGH"
},
"details": "A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.",
"id": "GHSA-p3r4-f5ww-gwf6",
"modified": "2025-09-17T18:31:17Z",
"published": "2025-09-09T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8008"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1739.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P438-C5RW-CQ9H
Vulnerability from github – Published: 2022-07-19 00:00 – Updated: 2022-07-27 00:00CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation.
{
"affected": [],
"aliases": [
"CVE-2022-34641"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-18T23:15:00Z",
"severity": "MODERATE"
},
"details": "CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation.",
"id": "GHSA-p438-c5rw-cq9h",
"modified": "2022-07-27T00:00:34Z",
"published": "2022-07-19T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34641"
},
{
"type": "WEB",
"url": "https://github.com/openhwgroup/cva6/issues/906"
},
{
"type": "WEB",
"url": "https://github.com/riscv-boom/riscv-boom/issues/605"
},
{
"type": "WEB",
"url": "https://github.com/openhwgroup/cva6/pull/908"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P5GC-VRFJ-FV23
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-06 18:30Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2022-34849"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T20:15:00Z",
"severity": "MODERATE"
},
"details": "Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.",
"id": "GHSA-p5gc-vrfj-fv23",
"modified": "2023-03-06T18:30:21Z",
"published": "2023-02-16T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34849"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00727.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P5PG-WM9Q-8V6R
Vulnerability from github – Published: 2022-02-25 00:01 – Updated: 2022-03-07 19:34metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.drewnoakes:metadata-extractor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.18.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24613"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-07T19:34:44Z",
"nvd_published_at": "2022-02-24T15:15:00Z",
"severity": "MODERATE"
},
"details": "metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.",
"id": "GHSA-p5pg-wm9q-8v6r",
"modified": "2022-03-07T19:34:44Z",
"published": "2022-02-25T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24613"
},
{
"type": "WEB",
"url": "https://github.com/drewnoakes/metadata-extractor/issues/561"
},
{
"type": "PACKAGE",
"url": "https://github.com/drewnoakes/metadata-extractor"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Handling of Exceptional Conditions inn metadata-extractor"
}
GHSA-P5V5-VRQ2-W73F
Vulnerability from github – Published: 2022-04-21 01:54 – Updated: 2024-04-03 23:04burn allows file names to escape via mishandled quotation marks
{
"affected": [],
"aliases": [
"CVE-2009-5043"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-31T16:15:00Z",
"severity": "CRITICAL"
},
"details": "burn allows file names to escape via mishandled quotation marks",
"id": "GHSA-p5v5-vrq2-w73f",
"modified": "2024-04-03T23:04:12Z",
"published": "2022-04-21T01:54:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5043"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2009-5043"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P67H-HGQ7-6V2W
Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-08 00:30Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.
{
"affected": [],
"aliases": [
"CVE-2022-36287"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T21:15:00Z",
"severity": "MODERATE"
},
"details": "Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.",
"id": "GHSA-p67h-hgq7-6v2w",
"modified": "2023-03-08T00:30:34Z",
"published": "2023-02-16T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36287"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00739.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7G2-XW88-GXG3
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-05-24 17:05In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-120847476
{
"affected": [],
"aliases": [
"CVE-2020-0004"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-08T19:15:00Z",
"severity": "LOW"
},
"details": "In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-120847476",
"id": "GHSA-p7g2-xw88-gxg3",
"modified": "2022-05-24T17:05:53Z",
"published": "2022-05-24T17:05:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0004"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-01-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-01-03"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P87G-J8M4-PQ52
Vulnerability from github – Published: 2024-11-08 06:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
nilfs2: propagate directory read errors from nilfs_find_entry()
Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2.
The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails.
If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts.
Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry().
The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together.
{
"affected": [],
"aliases": [
"CVE-2024-50202"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-08T06:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: propagate directory read errors from nilfs_find_entry()\n\nSyzbot reported that a task hang occurs in vcs_open() during a fuzzing\ntest for nilfs2.\n\nThe root cause of this problem is that in nilfs_find_entry(), which\nsearches for directory entries, ignores errors when loading a directory\npage/folio via nilfs_get_folio() fails.\n\nIf the filesystem images is corrupted, and the i_size of the directory\ninode is large, and the directory page/folio is successfully read but\nfails the sanity check, for example when it is zero-filled,\nnilfs_check_folio() may continue to spit out error messages in bursts.\n\nFix this issue by propagating the error to the callers when loading a\npage/folio fails in nilfs_find_entry().\n\nThe current interface of nilfs_find_entry() and its callers is outdated\nand cannot propagate error codes such as -EIO and -ENOMEM returned via\nnilfs_find_entry(), so fix it together.",
"id": "GHSA-p87g-j8m4-pq52",
"modified": "2025-11-04T00:31:57Z",
"published": "2024-11-08T06:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50202"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P89W-8R2H-7MJP
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2025-07-03 21:31ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
{
"affected": [],
"aliases": [
"CVE-2019-25043"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-06T17:15:00Z",
"severity": "MODERATE"
},
"details": "ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a \"string index out of range\" error and worker-process crash for a \"Cookie: =abc\" header.",
"id": "GHSA-p89w-8r2h-7mjp",
"modified": "2025-07-03T21:31:20Z",
"published": "2022-05-24T19:01:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25043"
},
{
"type": "WEB",
"url": "https://github.com/SpiderLabs/ModSecurity/issues/2566"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PGWQ-8WJV-XHHR
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.
{
"affected": [],
"aliases": [
"CVE-2021-43173"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-09T17:15:00Z",
"severity": "HIGH"
},
"details": "In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.",
"id": "GHSA-pgwq-8wjv-xhhr",
"modified": "2022-05-24T19:20:05Z",
"published": "2022-05-24T19:20:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43173"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5033"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5041"
},
{
"type": "WEB",
"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.