CWE-754
Allowed-with-ReviewImproper Check for Unusual or Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
909 vulnerabilities reference this CWE, most recent first.
GHSA-FC5C-G544-FMFP
Vulnerability from github – Published: 2024-07-11 00:32 – Updated: 2025-02-07 21:30An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).
In an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.
This issue affects both IPv4 and IPv6 implementations. This issue affects Junos OS: All versions earlier than 21.4R3-S7; 22.1 versions earlier than 22.1R3-S5; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S3; 22.4 versions earlier than 22.4R3-S2; 23.2 versions earlier than 23.2R2; 23.4 versions earlier than 23.4R1-S1.
Junos OS Evolved: All versions earlier than 21.4R3-S7-EVO; 22.1-EVO versions earlier than 22.1R3-S5-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S3-EVO; 22.4-EVO versions earlier than 22.4R3-S2-EVO; 23.2-EVO versions earlier than 23.2R2-EVO; 23.4-EVO versions earlier than 23.4R1-S1-EVO, 23.4R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39517"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-10T23:15:11Z",
"severity": "HIGH"
},
"details": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\n\nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\n\nThis issue affects both IPv4 and IPv6 implementations.\nThis issue affects\nJunos OS:\nAll versions earlier than\u00a021.4R3-S7;\n22.1\u00a0versions earlier than 22.1R3-S5;\n22.2 versions earlier than\u00a022.2R3-S3;\n22.3 versions earlier than\u00a022.3R3-S3;\n22.4 versions earlier than\u00a022.4R3-S2;\n23.2 versions earlier than\u00a023.2R2;\n23.4 versions earlier than\u00a023.4R1-S1.\n\nJunos OS Evolved:\nAll versions earlier than\u00a021.4R3-S7-EVO;\n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n22.3-EVO versions earlier than 22.3R3-S3-EVO;\n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;\n23.2-EVO versions earlier than\u00a023.2R2-EVO;\n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO.",
"id": "GHSA-fc5c-g544-fmfp",
"modified": "2025-02-07T21:30:56Z",
"published": "2024-07-11T00:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39517"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA79175"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FCFX-PC78-JW2M
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
{
"affected": [],
"aliases": [
"CVE-2020-24677"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-22T22:15:00Z",
"severity": "HIGH"
},
"details": "Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.",
"id": "GHSA-fcfx-pc78-jw2m",
"modified": "2022-05-24T17:37:02Z",
"published": "2022-05-24T17:37:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24677"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FFCC-34J7-9R9F
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-05-24 16:56A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.
{
"affected": [],
"aliases": [
"CVE-2019-6813"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-17T20:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.",
"id": "GHSA-ffcc-34j7-9r9f",
"modified": "2022-05-24T16:56:24Z",
"published": "2022-05-24T16:56:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6813"
},
{
"type": "WEB",
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-02"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FH7P-WMPJ-PQF7
Vulnerability from github – Published: 2024-01-18 18:30 – Updated: 2024-01-18 18:30AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2023-34348"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-754",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-18T18:15:08Z",
"severity": "HIGH"
},
"details": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.\n\n\n\n\n",
"id": "GHSA-fh7p-wmpj-pqf7",
"modified": "2024-01-18T18:30:25Z",
"published": "2024-01-18T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34348"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHC3-G4V6-VMPR
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
{
"affected": [],
"aliases": [
"CVE-2018-7853"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-22T21:29:00Z",
"severity": "HIGH"
},
"details": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus",
"id": "GHSA-fhc3-g4v6-vmpr",
"modified": "2022-05-24T16:46:14Z",
"published": "2022-05-24T16:46:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7853"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FHH6-4PM2-6VQV
Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS).
On all EX4k and QFX5k platforms, a link flap in an
EVPN-VXLAN configuration Link Aggregation Group (LAG) results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination.
This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650.
Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot ' command.
This issue affects Junos OS
on EX4k and QFX5k Series:
- all versions before 21.4R3-S12,
- all versions of 22.2
- from 22.4 before 22.4R3-S8,
- from 23.2 before 23.2R2-S5,
- from 23.4 before 23.4R2-S5,
- from 24.2 before 24.2R2-S3,
- from 24.4 before 24.4R2.
{
"affected": [],
"aliases": [
"CVE-2026-21910"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T21:16:06Z",
"severity": "HIGH"
},
"details": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker\u00a0flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS).\n\nOn all EX4k and QFX5k platforms, a link flap in an\n\nEVPN-VXLAN configuration Link Aggregation Group (LAG)\nresults in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination.\n\nThis issue is only applicable to\u00a0systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650.\n\nService can only be restored by restarting the affected FPC via the \u0027request chassis fpc restart slot \u003cslot-number\u003e\u0027 command.\n\nThis issue affects Junos OS \n\non EX4k and QFX5k Series:\u00a0\n\n\n\n * all versions before 21.4R3-S12,\u00a0\n * all versions of 22.2\n * from 22.4 before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S5,\u00a0\n * from 23.4 before 23.4R2-S5,\u00a0\n * from 24.2 before 24.2R2-S3,\n * from 24.4 before 24.4R2.",
"id": "GHSA-fhh6-4pm2-6vqv",
"modified": "2026-01-15T21:31:48Z",
"published": "2026-01-15T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21910"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA106009"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA106009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Green",
"type": "CVSS_V4"
}
]
}
GHSA-FJ49-5PV6-CPP5
Vulnerability from github – Published: 2025-06-28 18:32 – Updated: 2025-06-28 18:32A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
{
"affected": [],
"aliases": [
"CVE-2023-28910"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-28T16:15:23Z",
"severity": "HIGH"
},
"details": "A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.",
"id": "GHSA-fj49-5pv6-cpp5",
"modified": "2025-06-28T18:32:37Z",
"published": "2025-06-28T18:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28910"
},
{
"type": "WEB",
"url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2"
},
{
"type": "WEB",
"url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf"
},
{
"type": "WEB",
"url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FM3M-C8G9-95RJ
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.
{
"affected": [],
"aliases": [
"CVE-2020-19766"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-07T22:15:00Z",
"severity": "HIGH"
},
"details": "The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.",
"id": "GHSA-fm3m-c8g9-95rj",
"modified": "2022-05-24T19:13:54Z",
"published": "2022-05-24T19:13:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19766"
},
{
"type": "WEB",
"url": "https://github.com/OSUPlayer/CVEs/blob/master/Reentrancy/2019-07-09-02.md"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FM9J-6585-C687
Vulnerability from github – Published: 2022-05-17 00:14 – Updated: 2022-05-17 00:14sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2017-10895"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-01T14:29:00Z",
"severity": "HIGH"
},
"details": "sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.",
"id": "GHSA-fm9j-6585-c687",
"modified": "2022-05-17T00:14:14Z",
"published": "2022-05-17T00:14:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10895"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN71291160/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FMFX-VCM3-X4FP
Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c
Add error pointer check after calling otx2_mbox_get_rsp().
{
"affected": [],
"aliases": [
"CVE-2024-56725"
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-29T12:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().",
"id": "GHSA-fmfx-vcm3-x4fp",
"modified": "2025-11-03T21:32:02Z",
"published": "2024-12-29T12:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56725"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/54e8b501b3ea9371e4a9aa639c75b681fa5680f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69297b0d3369488af259e3a7cf53d69157938ea1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6ee6cf42dc5230425cfce1ffefa5a8d8a99e6fce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b94052830e3cd3be7141789a5ce6e62cf9f620a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b99db02209ca4c2e2f53b82049ea3cbc82b54895"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Check the results of all functions that return a value and verify that the value is expected.
Mitigation
If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
- Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-38
If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.
Mitigation
Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.
No CAPEC attack patterns related to this CWE.