CWE WEAKNESSES  /  CWE-754

CWE-754

Improper Check for Unusual or Exceptional Conditions

What it is

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

The programmer may assume that certain events or conditions will never occur or do not need to be worried about, such as low memory conditions, lack of access to resources due to restrictive permissions, or misbehaving clients or components. However, attackers may intentionally trigger these unusual conditions, thus violating the programmer's assumptions, possibly introducing instability, incorrect behavior, or a vulnerability.Note that this entry is not exclusively about the use of exceptions and exception handling, which are mechanisms for both checking and handling unusual or unexpected conditions.

Impact

Mitigations

• [Requirements]Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive except
• [Implementation] Check the results of all functions that return a value and verify that the value is expected.
• [Implementation] If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).
• [Implementation]Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine
• [Implementation]Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.When performing input validation, consider all potentially relevant properties, including length, type of input, the full r
• [Architecture and Design, Implementation] If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send
• [Architecture and Design] Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.

Real-world CVE examples

• CVE-2023-49286 — Chain: function in web caching proxy does not correctly check a return value (CWE-253) leading to a reachable assertion (CWE-617)
• CVE-2007-3798 — Unchecked return value leads to resultant integer overflow and code execution.
• CVE-2006-4447 — Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those fu
• CVE-2006-2916 — Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those fu

Related weaknesses

Source: MITRE CWE. View on cwe.mitre.org →