Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

CWE-703: Improper Check or Handling of Exceptional Conditions | Mondoo Vulnerability Intelligence

CWE-703

PillarIncomplete

View on MITRE

Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

96 linked vulnerabilities

ConfidentialityAvailabilityIntegrityRead Application DataDoS: Crash, Exit, or RestartUnexpected State

Dynamic Analysis with Manual Results InterpretationEffectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Manual Static Analysis - Source CodeEffectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Automated Static Analysis - Source CodeEffectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Source code Weakness Analyzer
Context-configured Source Code Weakness Analyzer

Architecture or Design ReviewEffectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
Formal Methods / Correct-By-Construction

Modes of Introduction

Architecture and DesignImplementationOperation

Example CVEs (2)

[REF-1374]

Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)

CVE-2022-22224

Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)

External Links

MITRE CWE Database

CWE-703

Improper Check or Handling of Exceptional Conditions

Common Consequences (1)

Detection Methods (4)

Modes of Introduction

Example CVEs (2)

External Links