CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
685 vulnerabilities reference this CWE, most recent first.
GHSA-2MJH-J6V5-C2WP
Vulnerability from github – Published: 2022-05-17 00:01 – Updated: 2022-05-25 00:00Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S.
{
"affected": [],
"aliases": [
"CVE-2022-29017"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-16T14:15:00Z",
"severity": "MODERATE"
},
"details": "Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S.",
"id": "GHSA-2mjh-j6v5-c2wp",
"modified": "2022-05-25T00:00:31Z",
"published": "2022-05-17T00:01:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29017"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/691"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2MMF-R54M-7994
Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2024-04-04 03:07mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions
{
"affected": [],
"aliases": [
"CVE-2012-1109"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-12T15:15:00Z",
"severity": "HIGH"
},
"details": "mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions",
"id": "GHSA-2mmf-r54m-7994",
"modified": "2024-04-04T03:07:36Z",
"published": "2022-05-24T22:01:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1109"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1109"
},
{
"type": "WEB",
"url": "https://www.securityfocus.com/bid/52577"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2P6R-X3VV-XQM2
Vulnerability from github – Published: 2026-05-06 21:49 – Updated: 2026-05-06 21:49rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted.
To quote @squell:
@conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.:
Suppose we use pkill -9 sq in a different terminal right after the password has been typed in:
$ sq key generate --userid "barf" --with-password Enter password to protect the key: Killed $ hello^C
Where the password I typed in is "hello".
This has been fixed in version v7.5.0 and above.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.4.0"
},
"package": {
"ecosystem": "crates.io",
"name": "rpassword"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T21:49:33Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted.\n\nTo quote @squell:\n\n\u003e @conradkleinespel I\u0027ve confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.:\n\u003e\n\u003e Suppose we use pkill -9 sq in a different terminal right after the password has been typed in:\n\u003e\n\u003e $ sq key generate --userid \"barf\" --with-password\n\u003e Enter password to protect the key: Killed\n\u003e $ hello^C\n\u003e\n\u003e Where the password I typed in is \"hello\".\n\nThis has been fixed in version v7.5.0 and above.",
"id": "GHSA-2p6r-x3vv-xqm2",
"modified": "2026-05-06T21:49:34Z",
"published": "2026-05-06T21:49:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/conradkleinespel/rpassword/security/advisories/GHSA-2p6r-x3vv-xqm2"
},
{
"type": "PACKAGE",
"url": "https://github.com/conradkleinespel/rpassword"
},
{
"type": "WEB",
"url": "https://github.com/conradkleinespel/rpassword/releases/tag/v7.5.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "rpassword affected by partial password reveal when input is interrupted "
}
GHSA-2PQ9-CJ9C-6VGR
Vulnerability from github – Published: 2023-02-20 06:30 – Updated: 2024-02-16 21:31app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
{
"affected": [],
"aliases": [
"CVE-2022-48328"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-20T04:15:00Z",
"severity": "CRITICAL"
},
"details": "app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.",
"id": "GHSA-2pq9-cj9c-6vgr",
"modified": "2024-02-16T21:31:30Z",
"published": "2023-02-20T06:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48328"
},
{
"type": "WEB",
"url": "https://github.com/MISP/MISP/commit/1edbc2569989f844799261a5f90edfa433d7dbcc"
},
{
"type": "WEB",
"url": "https://github.com/MISP/MISP/commit/206f540f0275af2dd2a86275abc199df41e72a21"
},
{
"type": "WEB",
"url": "https://github.com/MISP/MISP/compare/v2.4.166...v2.4.167"
},
{
"type": "WEB",
"url": "https://zigrin.com/advisories/misp-sql-injection-in-crud-component"
},
{
"type": "WEB",
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-hiding-in-plain-sight-the-hidden-danger-of-sql-injection-in-input-field-names"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2Q89-485C-9J2X
Vulnerability from github – Published: 2023-05-11 20:40 – Updated: 2023-05-24 18:31Impact
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.
The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.
Patches
The fix was introduced in CIRCL v. 1.3.3
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/circl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1732"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-11T20:40:54Z",
"nvd_published_at": "2023-05-10T12:15:10Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether `crypto/rand.Read()` returns an error. In rare deployment cases (error thrown by the `Read()` function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides `crypto/rand.Reader`, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n\n### Patches\nThe fix was introduced in CIRCL v. 1.3.3\n",
"id": "GHSA-2q89-485c-9j2x",
"modified": "2023-05-24T18:31:42Z",
"published": "2023-05-11T20:40:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1732"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/circl"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/releases/tag/v1.3.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper random reading in CIRCL"
}
GHSA-2QRQ-4QXF-6CFM
Vulnerability from github – Published: 2021-12-09 00:00 – Updated: 2021-12-10 00:00There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause address information leakage.
{
"affected": [],
"aliases": [
"CVE-2021-37052"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-08T15:15:00Z",
"severity": "HIGH"
},
"details": "There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause address information leakage.",
"id": "GHSA-2qrq-4qxf-6cfm",
"modified": "2021-12-10T00:00:54Z",
"published": "2021-12-09T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37052"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2021/9"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2R4W-C5QM-VPX8
Vulnerability from github – Published: 2022-05-17 04:21 – Updated: 2022-05-17 04:21Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
{
"affected": [],
"aliases": [
"CVE-2014-1943"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-02-18T19:55:00Z",
"severity": "MODERATE"
},
"details": "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.",
"id": "GHSA-2r4w-c5qm-vpx8",
"modified": "2022-05-17T04:21:31Z",
"published": "2022-05-17T04:21:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1943"
},
{
"type": "WEB",
"url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html"
},
{
"type": "WEB",
"url": "http://mx.gw.com/pipermail/file/2014/001327.html"
},
{
"type": "WEB",
"url": "http://mx.gw.com/pipermail/file/2014/001330.html"
},
{
"type": "WEB",
"url": "http://mx.gw.com/pipermail/file/2014/001334.html"
},
{
"type": "WEB",
"url": "http://mx.gw.com/pipermail/file/2014/001337.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6443"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-2861"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-2868"
},
{
"type": "WEB",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2123-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2126-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2V7G-8JVX-2WFC
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-07-13 00:00An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit.
{
"affected": [],
"aliases": [
"CVE-2020-15566"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-07T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit.",
"id": "GHSA-2v7g-8jvx-2wfc",
"modified": "2022-07-13T00:00:44Z",
"published": "2022-05-24T17:22:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15566"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-02"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/2"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-317.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2VG2-F293-3RC8
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.
{
"affected": [],
"aliases": [
"CVE-2021-21592"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-16T22:15:00Z",
"severity": "MODERATE"
},
"details": "Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.",
"id": "GHSA-2vg2-f293-3rc8",
"modified": "2022-05-24T19:11:27Z",
"published": "2022-05-24T19:11:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21592"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/000190408"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2VP3-CRWQ-3FG5
Vulnerability from github – Published: 2025-07-16 09:31 – Updated: 2025-11-05 00:31Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up and recover the changes to the arithmetic flags.
For replayed instructions where the flags recovery logic is used, the metadata for exception handling was incorrect, preventing Xen from handling the the exception gracefully, treating it as fatal instead.
{
"affected": [],
"aliases": [
"CVE-2025-27465"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-16T09:15:23Z",
"severity": "MODERATE"
},
"details": "Certain instructions need intercepting and emulating by Xen. In some\ncases Xen emulates the instruction by replaying it, using an executable\nstub. Some instructions may raise an exception, which is supposed to be\nhandled gracefully. Certain replayed instructions have additional logic\nto set up and recover the changes to the arithmetic flags.\n\nFor replayed instructions where the flags recovery logic is used, the\nmetadata for exception handling was incorrect, preventing Xen from\nhandling the the exception gracefully, treating it as fatal instead.",
"id": "GHSA-2vp3-crwq-3fg5",
"modified": "2025-11-05T00:31:21Z",
"published": "2025-07-16T09:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27465"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-470.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/01/1"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-470.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.