An exception is thrown from a function, but it is not caught.
When an exception is not caught, it may cause the program to crash or expose sensitive information.
Threat Mapped score: 3.0
Industry: Finiancial
Threat priority: P2 - Serious (High)
CVE: CVE-2023-41151
SDK for OPC Unified Architecture (OPC UA) server has uncaught exception when a socket is blocked for writing but the server tries to send an error
CVE: CVE-2023-21087
Java code in a smartphone OS can encounter a "boot loop" due to an uncaught exception
N/A
N/A
| Phase | Note |
|---|---|
| Implementation | N/A |
Intro: The following example attempts to resolve a hostname.
Body: A DNS lookup failure will cause the Servlet to throw an exception.
protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException { String ip = req.getRemoteAddr(); InetAddress addr = InetAddress.getByName(ip); ... out.println("hello " + addr.getHostName()); }Intro: The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005(R). It has been replaced with the more secure _alloca_s().
Intro: EnterCriticalSection() can raise an exception, potentially causing the program to crash. Under operating systems prior to Windows 2000, the EnterCriticalSection() function can raise an exception in low memory situations. If the exception is not caught, the program will crash, potentially enabling a denial of service attack.