Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CWE-703: Improper Check or Handling of Exceptional Conditions | Mondoo Vulnerability Intelligence

CWE-703

PillarIncomplete

View on MITRE

Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

99 linked vulnerabilities

Confidentiality

Availability

Integrity

Read Application Data

DoS: Crash, Exit, or Restart

Unexpected State

Dynamic Analysis with Manual Results Interpretation

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Manual Static Analysis - Source Code

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Automated Static Analysis - Source Code

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Source code Weakness Analyzer
Context-configured Source Code Weakness Analyzer

Architecture or Design Review

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
Formal Methods / Correct-By-Construction

Modes of Introduction

Architecture and Design

Implementation

Operation

Example CVEs (2)

[REF-1374]

Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)

CVE-2022-22224

Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)

External Links

MITRE CWE Database