CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
685 vulnerabilities reference this CWE, most recent first.
GHSA-GC6Q-HH4V-5GVQ
Vulnerability from github – Published: 2024-07-11 00:32 – Updated: 2024-10-01 21:31An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).
The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.
System kernel memory can be monitored through the use of the 'show system statistics kernel memory' command as shown below:
user@router> show system statistics kernel memory Memory Size (kB) Percentage When Active 753092 18.4% Now Inactive 574300 14.0% Now Wired 443236 10.8% Now Cached 1911204 46.6% Now Buf 32768 0.8% Now Free 385072 9.4% Now Kernel Memory Now Data 312908 7.6% Now Text 2560 0.1% Now ...
This issue affects: Junos OS:
- All versions before 20.4R3-S9,
- from 21.4 before 21.4R3-S5,
- from 22.1 before 22.1R3-S5,
- from 22.2 before 22.2R3-S3,
- from 22.3 before 22.3R3-S2,
- from 22.4 before 22.4R3,
- from 23.2 before 23.2R2;
Junos OS Evolved:
- All versions before 21.4R3-S5-EVO,
- from 22.1-EVO before 22.1R3-S5-EVO,
- from 22.2-EVO before 22.2R3-S3-EVO,
- from 22.3-EVO before 22.3R3-S2-EVO,
- from 22.4-EVO before 22.4R3-EVO,
- from 23.2-EVO before 23.2R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39560"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-10T23:15:13Z",
"severity": "HIGH"
},
"details": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).\n\nThe kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.\n\nSystem kernel memory can be monitored through the use of the \u0027show system statistics kernel memory\u0027 command as shown below:\n\nuser@router\u003e show system statistics kernel memory\nMemory \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Size (kB) Percentage When\n\u00a0 Active \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 753092 \u00a0 \u00a0 18.4% Now\n\u00a0 Inactive \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 574300 \u00a0 \u00a0 14.0% Now\n\u00a0 Wired\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 443236 \u00a0 \u00a0 10.8% Now\n\u00a0 Cached\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1911204 \u00a0 \u00a0 46.6% Now\n\u00a0 Buf \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 32768\u00a0 \u00a0 \u00a0 0.8% Now\n\u00a0 Free \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 385072\u00a0 \u00a0 \u00a0 9.4% Now\nKernel Memory\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Now\n\u00a0 Data \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 312908\u00a0 \u00a0 \u00a0 7.6% Now\n\u00a0 Text \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2560\u00a0 \u00a0 \u00a0 0.1% Now\n...\n\nThis issue affects:\nJunos OS:\n\n\n * All versions before 20.4R3-S9,\n * from 21.4 before 21.4R3-S5,\n * from 22.1 before 22.1R3-S5,\n * from 22.2 before 22.2R3-S3,\n * from 22.3 before 22.3R3-S2,\n * from 22.4 before 22.4R3,\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved:\n\n\n * All versions before 21.4R3-S5-EVO,\n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO.",
"id": "GHSA-gc6q-hh4v-5gvq",
"modified": "2024-10-01T21:31:33Z",
"published": "2024-07-11T00:32:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39560"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA83020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GCWW-2FJQ-FJFH
Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396.
{
"affected": [],
"aliases": [
"CVE-2017-0760"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-08T20:29:00Z",
"severity": "HIGH"
},
"details": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396.",
"id": "GHSA-gcww-2fjq-fjfh",
"modified": "2022-05-13T01:40:37Z",
"published": "2022-05-13T01:40:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0760"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100649"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GF3W-32P2-9546
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.
{
"affected": [],
"aliases": [
"CVE-2021-20602"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-07T14:15:00Z",
"severity": "HIGH"
},
"details": "Improper Handling of Exceptional Conditions vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets.",
"id": "GHSA-gf3w-32p2-9546",
"modified": "2022-05-24T19:16:58Z",
"published": "2022-05-24T19:16:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20602"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU99532713/index.html"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-014_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GFFJ-35XF-9H4M
Vulnerability from github – Published: 2022-12-20 00:30 – Updated: 2022-12-27 21:30The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.
{
"affected": [],
"aliases": [
"CVE-2022-46403"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-19T23:15:00Z",
"severity": "HIGH"
},
"details": "The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.",
"id": "GHSA-gffj-35xf-9h4m",
"modified": "2022-12-27T21:30:21Z",
"published": "2022-12-20T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46403"
},
{
"type": "WEB",
"url": "https://microchip.com"
},
{
"type": "WEB",
"url": "https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM"
},
{
"type": "WEB",
"url": "https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG"
},
{
"type": "WEB",
"url": "https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GG25-V243-F7CQ
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:08Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
{
"affected": [],
"aliases": [
"CVE-2019-16866"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-03T19:15:00Z",
"severity": "HIGH"
},
"details": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.",
"id": "GHSA-gg25-v243-f7cq",
"modified": "2024-04-04T02:08:28Z",
"published": "2022-05-24T16:57:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16866"
},
{
"type": "WEB",
"url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ"
},
{
"type": "WEB",
"url": "https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Oct/23"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4149-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4544"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GG84-J6G5-HR53
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this vulnerability by sending a large volume of crafted SSL traffic to the vulnerable device. A successful exploit could allow the attacker to degrade the device performance by triggering a persistent high CPU utilization condition. Cisco Bug IDs: CSCvh89340.
{
"affected": [],
"aliases": [
"CVE-2018-0272"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-19T20:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this vulnerability by sending a large volume of crafted SSL traffic to the vulnerable device. A successful exploit could allow the attacker to degrade the device performance by triggering a persistent high CPU utilization condition. Cisco Bug IDs: CSCvh89340.",
"id": "GHSA-gg84-j6g5-hr53",
"modified": "2022-05-13T01:35:29Z",
"published": "2022-05-13T01:35:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0272"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103925"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GH3M-9H22-R3R5
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.
{
"affected": [],
"aliases": [
"CVE-2021-39242"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-17T19:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.",
"id": "GHSA-gh3m-9h22-r3r5",
"modified": "2022-05-24T19:11:22Z",
"published": "2022-05-24T19:11:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39242"
},
{
"type": "WEB",
"url": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ALECUZDIMT5FYGP6V6PVSI4BKVZTZWN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPNY4WZIQUAUOCLIMUPC37AQWNXTWIQM"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4960"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg41041.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GH78-48H3-FRJQ
Vulnerability from github – Published: 2021-05-06 18:10 – Updated: 2022-07-11 19:22An issue was discovered in MoscaJS Aedes 0.42.0 and fixed in 0.42.1. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "aedes"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.42.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-13410"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-05T20:02:28Z",
"nvd_published_at": "2020-08-26T15:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in MoscaJS Aedes 0.42.0 and fixed in 0.42.1. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. ",
"id": "GHSA-gh78-48h3-frjq",
"modified": "2022-07-11T19:22:01Z",
"published": "2021-05-06T18:10:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13410"
},
{
"type": "WEB",
"url": "https://github.com/moscajs/aedes/pull/493"
},
{
"type": "WEB",
"url": "https://github.com/moscajs/aedes/commit/8d34ee5819cfc983d57e49b45d8c5ef70a76d79b"
},
{
"type": "WEB",
"url": "https://payatu.com/advisory/dos-in-aedes-mqtt-broker"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper exception handling in Aedes"
}
GHSA-GJ96-2265-WV5X
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.
{
"affected": [],
"aliases": [
"CVE-2019-6848"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-29T19:15:00Z",
"severity": "HIGH"
},
"details": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.",
"id": "GHSA-gj96-2265-wv5x",
"modified": "2022-05-24T17:00:06Z",
"published": "2022-05-24T17:00:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6848"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04"
},
{
"type": "WEB",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GP65-8MX5-X88C
Vulnerability from github – Published: 2025-05-06 09:31 – Updated: 2025-05-06 09:31Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2025-46584"
],
"database_specific": {
"cwe_ids": [
"CWE-280",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-06T07:15:48Z",
"severity": "HIGH"
},
"details": "Vulnerability of improper authentication logic implementation in the file system module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-gp65-8mx5-x88c",
"modified": "2025-05-06T09:31:30Z",
"published": "2025-05-06T09:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46584"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.