logo
Home/CWEs/CWE-248/

CWE-248 - Uncaught Exception

  • Abstraction:Base
  • Structure:Simple
  • Status:Draft
  • Release Date:2006-07-19
  • Latest Modification Date:2024-02-29

Weakness Name

Uncaught Exception

Description

An exception is thrown from a function, but it is not caught.

When an exception is not caught, it may cause the program to crash or expose sensitive information.

Common Consequences

Scope: Availability, Confidentiality

Impact: DoS: Crash, Exit, or Restart, Read Application Data

Notes: An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors.

Related Weaknesses

CWE-703Improper Check or Handling of Exceptional Conditions

CWE-705Incorrect Control Flow Scoping

CWE-755Improper Handling of Exceptional ConditionsMedium