Improper Check or Handling of Exceptional Conditions

ID: 703
Date: (C)2012-05-14   (M)2022-10-10
Type: weakness
Status: INCOMPLETE
Abstraction Type: Class





Description

The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation
  • Operation

Common Consequences

Scope: Confidentiality, Availability, Integrity
Technical Impact: Read application data; DoS: crash / exit / restart; Unexpected state

Detection Methods
None

Potential Mitigations
None

Relationships
This is a high-level class that might have some overlap with other classes. It could be argued that even "normal" weaknesses such as buffer overflows involve unusual or exceptional conditions. In that sense, this might be an inherent aspect of most other weaknesses within CWE, similar to API Abuse (CWE-227) and Indicator of Poor Code Quality (CWE-398). However, this entry is currently intended to unify disparate concepts that do not have other places within the Research Concepts view (CWE-1000).

Related CWE: CWE-703 ChildOf CWE-889
Type: Category
View: CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

  • CERT Java Secure Coding, ERR06-J: Do not throw undeclared checked exceptions
  • CERT C++ Secure Coding, MEM32-CPP: Detect and handle memory allocation errors
  • CERT C++ Secure Coding, ERR39-CPP: Guarantee exception safety
