CWE-754: Improper Check for Unusual or Exceptional Conditions
low-riskThe product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Common Consequences
Detection Methods
Automated static analysis may be useful for detecting unusual conditions involving system resources or common programming idioms, but not for violations of business rules.
Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application's environment, it may still indicate unexpected conditions that were not handled by the application itself.
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-3393 | 7.5 | 77.7% | Y |
| CVE-2024-3393 | 7.5 | 77.7% | Y |
| CVE-2024-43044 | 8.8 | 65.9% | — |
| CVE-2024-43044 | 8.8 | 65.9% | — |
| CVE-2017-11144 | 7.5 | 41.6% | — |
| CVE-2024-4367 | 8.8 | 34.6% | — |
| CVE-2018-7287 | 5.9 | 33.1% | — |
| CVE-2023-41993 | 8.8 | 24.4% | Y |
| CVE-2023-41993 | 8.8 | 24.4% | Y |
| CVE-2020-16125 | 7.2 | 22.1% | — |