CWE-703: Improper Check or Handling of Exceptional Conditions

low-risk

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

Abstraction: Pillar

Common Consequences

Scope: Confidentiality
Impact: Read Application Data

Detection Methods

Dynamic Analysis with Manual Results Interpretation

According to SOAR [REF-1479], the following detection techniques may be useful:
- Highly cost effective: Fault Injection - source code; Fault Injection - binary
- Cost effective for partial coverage: Forced Path Execution

Manual Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful:
- Highly cost effective: Manual Source Code Review (not inspections)
- Cost effective for partial coverage: Focused Manual Spotcheck - focused manual analysis of source

Automated Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful:
- Cost effective for partial coverage: Source Code Weakness Analyzer; Context-configured Source Code Weakness Analyzer

Architecture or Design Review

According to SOAR [REF-1479], the following detection techniques may be useful:
- Highly cost effective: Inspection (IEEE 1028 standard; can apply to requirements, design, source code, etc.); Formal Methods / Correct-By-Construction

Real-World Examples (10)

CVE              CVSS   EPSS    KEV
CVE-2024-21894   9.8    11.0%   -
CVE-2024-22053   8.2    7.4%    -
CVE-2024-22052   7.5    4.1%    -
CVE-2022-41777   7.5    3.8%    -
CVE-2024-10781   8.1    3.6%    -
CVE-2024-29205   7.5    2.7%    -
CVE-2024-20089   7.5    2.3%    -
CVE-2024-4611    8.1    1.8%    -
CVE-2021-25372   6.1    1.8%    Y
CVE-2023-0004    6.5    1.3%    -
Risk Score: 1 / 100 (low-risk)
- Active Threat: 0/50 · Minimal
- Exploit Availability: 1/50 · Minimal