VYPR

CWE-460

Improper Cleanup on Thrown Exception

Abstraction: Base | Status: Draft | Likelihood: Medium

Description

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.
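As an added illustration of this weakness (example code, not from the CWE entry or from any of the listed projects), the following Python shows a scanner that unpacks its input into a temporary directory: the first version removes the directory only on the success path, so a parse error leaves it behind, while the second uses try/finally so cleanup runs however the function exits. The function names, the `ParseError` type and the `OK`-prefixed payload format are all constructed for this example.

```python
import os
import shutil
import tempfile


class ParseError(Exception):
    """Raised by the constructed handler below when its input is malformed."""


def _extract_and_scan(workdir: str, payload: bytes) -> int:
    # Constructed stand-in for real work: materialise the payload on disk,
    # then reject it if malformed. The raise is what interrupts cleanup.
    with open(os.path.join(workdir, "blob"), "wb") as fh:
        fh.write(payload)
    if not payload.startswith(b"OK"):
        raise ParseError("malformed payload")
    return len(payload)


def scan_without_cleanup(payload: bytes, base=None) -> int:
    """CWE-460 pattern: cleanup sits after the call that can raise."""
    workdir = tempfile.mkdtemp(prefix="scan-", dir=base)
    size = _extract_and_scan(workdir, payload)  # may raise ParseError ...
    shutil.rmtree(workdir)                       # ... and then this never runs
    return size


def scan_with_cleanup(payload: bytes, base=None) -> int:
    """Hardened form: the finally block runs on return and on exception alike."""
    workdir = tempfile.mkdtemp(prefix="scan-", dir=base)
    try:
        return _extract_and_scan(workdir, payload)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


def leaks_on_error(scanner) -> bool:
    """Feed a scanner malformed input and report whether its temp dir survived."""
    base = tempfile.mkdtemp(prefix="cwe460-demo-")
    try:
        try:
            scanner(b"BAD", base)
        except ParseError:
            pass
        return bool(os.listdir(base))  # leftover entries mean cleanup was skipped
    finally:
        shutil.rmtree(base, ignore_errors=True)
```

`leaks_on_error` isolates each run in its own parent directory so the check is deterministic and leaves nothing behind on the host.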

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (14)

  • CVE-2025-43855 | High | Apr 24, 2025
    risk 0.50 | cvss n/a | epss 0.00

    tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any…

  • CVE-2026-40583 | High | Apr 21, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.

  • CVE-2017-9657 | Medium | Apr 30, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the…

  • CVE-2025-32439 | Medium | Apr 15, 2025
    risk 0.35 | cvss 6.5 | epss 0.00

    pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's…

  • CVE-2016-9592 | Medium | Apr 16, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of…

  • CVE-2026-33481 | Medium | Mar 26, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives…

  • CVE-2026-48524 | Low | May 28, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can…

  • CVE-2025-59399 | Low | Sep 15, 2025
    risk 0.13 | cvss 3.1 | epss 0.00

    libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.

  • CVE-2025-31650 | Apr 28, 2025
    risk 0.01 | cvss n/a | epss 0.67

    Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException…

  • CVE-2025-30157 | Mar 21, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the…

  • CVE-2024-12289 | Dec 12, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the…

  • CVE-2022-3301 | Sep 26, 2022
    risk 0.00 | cvss n/a | epss 0.01

    Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8.

  • CVE-2020-35923 | Dec 31, 2020
    risk 0.00 | cvss n/a | epss 0.00

    An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN.

  • CVE-2017-15127 | Medium | Jan 14, 2018
    risk 0.00 | cvss 5.5 | epss 0.00

    A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).