CWE-248
AllowedUncaught Exception
Abstraction: Base · Status: Draft
An exception is thrown from a function, but it is not caught.
422 vulnerabilities reference this CWE, most recent first.
GHSA-5873-6FWQ-463F
Vulnerability from github – Published: 2023-10-25 14:09 – Updated: 2023-10-25 14:09Impact
Panic vulnerability when a specially crafted payload is used. This is because of the following calculation:
inner_payload_len + (4 - inner_payload_len % 4) % 4
If inner_payload_len is 0xffffffff, (4 - inner_payload_len % 4) % 4 = 1 so
inner_payload_len + (4 - inner_payload_len % 4) % 4 = u32::MAX + 1
which overflow.
Patches
Check that inner_payload_len is not above 64 which should never be the case.
Patched in version 0.0.8
Workarounds
Sanitize input payload before it is passed to the vulnerable function so that bytes in payload[32..32+4] and parsed as a u32 is not above 64.
References
GitHub issue #58
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "stellar-strkey"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46135"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-25T14:09:10Z",
"nvd_published_at": "2023-10-25T18:17:36Z",
"severity": "MODERATE"
},
"details": "### Impact\nPanic vulnerability when a specially crafted payload is used. \nThis is because of the following calculation:\n```rust\ninner_payload_len + (4 - inner_payload_len % 4) % 4\n```\nIf `inner_payload_len` is `0xffffffff`, `(4 - inner_payload_len % 4) % 4 = 1` so\n```rust\ninner_payload_len + (4 - inner_payload_len % 4) % 4 = u32::MAX + 1\n```\nwhich overflow.\n\n### Patches\nCheck that `inner_payload_len` is not above 64 which should never be the case.\nPatched in version 0.0.8\n\n### Workarounds\nSanitize input payload before it is passed to the vulnerable function so that bytes in `payload[32..32+4]` and parsed as a `u32` is not above 64.\n\n### References\nGitHub issue #58\n",
"id": "GHSA-5873-6fwq-463f",
"modified": "2023-10-25T14:09:10Z",
"published": "2023-10-25T14:09:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46135"
},
{
"type": "WEB",
"url": "https://github.com/stellar/rs-stellar-strkey/issues/58"
},
{
"type": "WEB",
"url": "https://github.com/stellar/rs-stellar-strkey/pull/59"
},
{
"type": "WEB",
"url": "https://github.com/stellar/rs-stellar-strkey/commit/83adad0f5b1cda693c7ba8524d395add8077865f"
},
{
"type": "PACKAGE",
"url": "https://github.com/stellar/rs-stellar-strkey"
},
{
"type": "WEB",
"url": "https://github.com/stellar/rs-stellar-strkey/releases/tag/v0.0.8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "stellar-strkey vulnerable to panic in SignedPayload::from_payload"
}
GHSA-595H-5JVM-PM7P
Vulnerability from github – Published: 2024-04-01 03:30 – Updated: 2024-07-03 18:34In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769.
{
"affected": [],
"aliases": [
"CVE-2024-20048"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-01T03:15:08Z",
"severity": "MODERATE"
},
"details": "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769.",
"id": "GHSA-595h-5jvm-pm7p",
"modified": "2024-07-03T18:34:01Z",
"published": "2024-04-01T03:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20048"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/April-2024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5GGP-WM87-2P6G
Vulnerability from github – Published: 2025-04-01 12:30 – Updated: 2025-04-01 12:30Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16
{
"affected": [],
"aliases": [
"CVE-2025-3083"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T12:15:15Z",
"severity": "HIGH"
},
"details": "Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \u00a0MongoDB v6.0 versions prior to\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16",
"id": "GHSA-5ggp-wm87-2p6g",
"modified": "2025-04-01T12:30:35Z",
"published": "2025-04-01T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3083"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-103152"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5V93-9MQW-P9MH
Vulnerability from github – Published: 2025-02-14 17:26 – Updated: 2025-02-14 17:26Summary
A vulnerability in the add_share function of the Rewards pallet (part of the ORML repository) can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range.
Affected Components
- ORML Rewards pallet (
rewards/src/lib.rs) - Any Substrate-based chain using ORML Rewards with
add_shareaccepting unvalidated largeu128inputs
Technical Details
add_shareperforms arithmetic on user-supplied values (add_amount) of typeT::Share(mapped tou128in Acala).- If
add_amountis large enough (e.g.,i128::MAX), the intermediate result may overflow and panic on the cast tou128. - Validation occurs only after arithmetic, enabling a crafted input to trigger an overflow.
Impact
A malicious user submitting a specially crafted extrinsic can cause a panic in the runtime: - Denial of Service by crashing the node process. - Potential for invalid blocks produced by validators.
Likelihood
This issue is exploitable in production if there exists at least one rewards pool where reward tokens exceed twice the collateral tokens, allowing sufficiently large multiplication to exceed u128 bounds.
Remediation
- This issue is fixed in https://github.com/open-web3-stack/open-runtime-module-library/pull/1016
Backport
The patch have been backported to following release branches: - polkadot-stable2407 - polkadot-stable2409
A 1.0.1 patch release is made with this fix.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "orml-rewards"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-14T17:26:08Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\nA vulnerability in the `add_share` function of the **Rewards** pallet (part of the ORML repository) can lead to an uncaught Rust panic when handling user-provided input exceeding the `u128` range.\n\n## Affected Components\n- **ORML Rewards** pallet (`rewards/src/lib.rs`)\n- Any Substrate-based chain using ORML Rewards with `add_share` accepting unvalidated large `u128` inputs\n\n## Technical Details\n- `add_share` performs arithmetic on user-supplied values (`add_amount`) of type `T::Share` (mapped to `u128` in Acala).\n- If `add_amount` is large enough (e.g., `i128::MAX`), the intermediate result may overflow and panic on the cast to `u128`.\n- Validation occurs only after arithmetic, enabling a crafted input to trigger an overflow.\n\n## Impact\nA malicious user submitting a specially crafted extrinsic can cause a panic in the runtime:\n- **Denial of Service** by crashing the node process.\n- **Potential for invalid blocks** produced by validators.\n\n## Likelihood\nThis issue is exploitable in production if there exists at least one rewards pool where reward tokens exceed twice the collateral tokens, allowing sufficiently large multiplication to exceed `u128` bounds.\n\n## Remediation\n- This issue is fixed in https://github.com/open-web3-stack/open-runtime-module-library/pull/1016\n\n## Backport\n\nThe patch have been backported to following release branches:\n- polkadot-stable2407\n- polkadot-stable2409\n\nA 1.0.1 patch release is made with this fix.",
"id": "GHSA-5v93-9mqw-p9mh",
"modified": "2025-02-14T17:26:08Z",
"published": "2025-02-14T17:26:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/open-web3-stack/open-runtime-module-library/security/advisories/GHSA-5v93-9mqw-p9mh"
},
{
"type": "WEB",
"url": "https://github.com/open-web3-stack/open-runtime-module-library/pull/1016"
},
{
"type": "WEB",
"url": "https://github.com/open-web3-stack/open-runtime-module-library/commit/6720fcd92f44e5f204741b04fdef3b67b0fcf6bc"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-web3-stack/open-runtime-module-library"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Uncaught Panic in ORML Rewards Pallet"
}
GHSA-5V9R-24G7-2GX7
Vulnerability from github – Published: 2025-05-02 00:32 – Updated: 2025-05-02 00:32IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
{
"affected": [],
"aliases": [
"CVE-2024-52903"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T23:15:50Z",
"severity": "MODERATE"
},
"details": "IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.",
"id": "GHSA-5v9r-24g7-2gx7",
"modified": "2025-05-02T00:32:15Z",
"published": "2025-05-02T00:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52903"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7232336"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5WMX-573V-2QWQ
Vulnerability from github – Published: 2026-03-05 15:30 – Updated: 2026-06-06 00:53Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Markdown"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-69534"
],
"database_specific": {
"cwe_ids": [
"CWE-248",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-05T21:59:47Z",
"nvd_published_at": "2026-03-05T15:16:11Z",
"severity": "MODERATE"
},
"details": "Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.",
"id": "GHSA-5wmx-573v-2qwq",
"modified": "2026-06-06T00:53:00Z",
"published": "2026-03-05T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69534"
},
{
"type": "WEB",
"url": "https://github.com/Python-Markdown/markdown/issues/1534"
},
{
"type": "WEB",
"url": "https://github.com/Python-Markdown/markdown/pull/1535"
},
{
"type": "WEB",
"url": "https://github.com/Python-Markdown/markdown"
},
{
"type": "WEB",
"url": "https://github.com/Python-Markdown/markdown/actions/runs/15736122892"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/markdown/PYSEC-2026-89.yaml"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/06/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Python-Markdown has an Uncaught Exception"
}
GHSA-6287-HMPP-GMQM
Vulnerability from github – Published: 2024-03-27 18:32 – Updated: 2024-03-27 18:32A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.
This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
{
"affected": [],
"aliases": [
"CVE-2024-20276"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T17:15:51Z",
"severity": "HIGH"
},
"details": "A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.\n\n This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.",
"id": "GHSA-6287-hmpp-gmqm",
"modified": "2024-03-27T18:32:38Z",
"published": "2024-03-27T18:32:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20276"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dos-Hq4d3tZG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6429-3G3W-6MW5
Vulnerability from github – Published: 2022-05-07 00:00 – Updated: 2022-05-24 20:58All versions of the npm package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "bignum"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-25324"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-24T20:58:02Z",
"nvd_published_at": "2022-05-06T20:15:00Z",
"severity": "HIGH"
},
"details": "All versions of the npm package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.",
"id": "GHSA-6429-3g3w-6mw5",
"modified": "2022-05-24T20:58:02Z",
"published": "2022-05-07T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25324"
},
{
"type": "PACKAGE",
"url": "https://github.com/justmoon/node-bignum"
},
{
"type": "WEB",
"url": "https://github.com/justmoon/node-bignum/blob/ef2e02533e598d6df8421000033c4753cde89ee2/index.js#L111"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-BIGNUM-2388581"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncaught Exception in bignum"
}
GHSA-64F4-QR63-VG45
Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
{
"affected": [],
"aliases": [
"CVE-2023-1691"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-06T13:15:10Z",
"severity": "HIGH"
},
"details": "Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.",
"id": "GHSA-64f4-qr63-vg45",
"modified": "2024-04-04T05:26:23Z",
"published": "2023-07-06T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1691"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/7"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-654W-X4W9-5262
Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.
{
"affected": [],
"aliases": [
"CVE-2025-20171"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-05T17:15:23Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device.\n\nThis vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\u0026nbsp;\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.",
"id": "GHSA-654w-x4w9-5262",
"modified": "2025-02-05T18:34:45Z",
"published": "2025-02-05T18:34:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20171"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.