CWE-754Improper Check for Unusual or Exceptional Conditions

Description

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

[object Object]

Common consequences

• Integrity,Availability→DoS: Crash, Exit, or Restart,Unexpected State
  The data which were produced as a result of a function call could be in a bad state upon return. If the return value is not checked, then this bad data may be used in operations, possibly leading to a crash or other unintended behaviors.

Potential mitigations

• Requirements
  [object Object]
• Implementation
  Check the results of all functions that return a value and verify that the value is expected.
• Implementation
  If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).
• Implementation
  [object Object]
• Implementation
  [object Object]
• Architecture and Design,Implementation
  If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send
• Architecture and Design
  Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.

Related CWEs

Recent CVEs classified under this CWE