
CWE-252 Unchecked Return Value: vulnerability list (59)

Summary of the 59 CVE vulnerabilities in the CWE-252 Unchecked Return Value weakness class, with AI-generated Chinese analysis.

CWE-252 is the unchecked-return-value weakness: the program ignores the return status of a function or method and so cannot recognize an error condition. Attackers commonly supply crafted input that forces a function to fail, exploiting the developer's mistaken assumption that "the call always succeeds" to push the program into an unexpected state or down the wrong logic path. Developers should strictly validate the return value after every call that can fail and continue with the subsequent logic only on success; this makes the system more robust.

MITRE CWE official description

CWE-252: Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Two common programmer assumptions are "this function call can never fail" and "it doesn't matter if this function call fails". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the product is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.
Common Consequences (1)

Scope: Availability, Integrity
Impact: Unexpected State; DoS: Crash, Exit, or Restart
Note: An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors.
Mitigations (4)

Phase: Implementation
Check the results of all functions that return a value and verify that the value is expected.
Effectiveness: High

Phase: Implementation
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Phase: Implementation
Ensure that you account for all possible return values from the function.

Phase: Implementation
When designing a function, make sure you return a value or throw an exception in case of an error.
Code Examples (2)

Consider the following code segment:

    char buf[10], cp_buf[10];
    fgets(buf, 10, stdin);
    strcpy(cp_buf, buf);

Bad · C

In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:

    int returnChunkSize(void *) {
        /* if chunk info is valid, return the size of usable memory,
         * else, return -1 to indicate an error */
        ...
    }

    int main() {
        ...
        memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));
        ...
    }

Bad · C
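The following C is an added illustration of the fixes the mitigations above call for; it is not code from MITRE or from this page, and every function name in it (chunk_size_of, unchecked_length, safe_copy_chunk, read_line_checked, the demo_* helpers) is invented for the example. It shows the page's two patterns with the return value checked: the chunk-size status is inspected before it can become a memcpy length, and the NULL return of fgets is handled instead of being copied onward. It also shows what the unchecked expression returnChunkSize(...) - 1 turns into once memcpy converts the -1 error value to size_t.

```c
/* Added example, not code from MITRE or this page. All function names here
 * (chunk_size_of, unchecked_length, safe_copy_chunk, read_line_checked,
 * demo_*) are invented for the illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the page's returnChunkSize(): returns the usable size of a
 * chunk, or -1 when the chunk is invalid (here: NULL or zero-length). */
static int chunk_size_of(const void *chunk, size_t declared)
{
    if (chunk == NULL || declared == 0)
        return -1;
    return (int)declared;
}

/* What the unchecked expression returnChunkSize(buf) - 1 becomes when memcpy
 * converts it to size_t: for the error value -1 it is (size_t)-2, nearly the
 * whole address space rather than a small length. */
size_t unchecked_length(int rc)
{
    return (size_t)(rc - 1);
}

/* Checked variant: the status is inspected first, and the length is bounded
 * by the destination capacity before memcpy runs. Returns bytes copied or -1. */
int safe_copy_chunk(void *dst, size_t dst_cap, const void *src, size_t src_declared)
{
    int n = chunk_size_of(src, src_declared);
    if (n < 0)
        return -1;          /* propagate the error instead of using it as a length */
    size_t len = (size_t)n;
    if (len > dst_cap)
        return -1;          /* never copy more than the destination holds */
    memcpy(dst, src, len);
    return (int)len;
}

/* fgets() returns NULL on EOF or read error; the page's example then copies
 * whatever stale bytes sit in buf. Here a NULL return leaves an empty string
 * and reports 0, so callers cannot mistake "nothing read" for a line. */
int read_line_checked(char *buf, size_t cap, FILE *in)
{
    if (cap == 0)
        return 0;
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return 0;
    }
    return 1;
}

/* Demonstration helpers over constructed inputs. */
int demo_valid_copy(void)
{
    unsigned char dst[16] = {0};
    unsigned char src[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    int rc = safe_copy_chunk(dst, sizeof dst, src, sizeof src);
    return (rc == 8 && memcmp(dst, src, 8) == 0) ? 8 : -1;
}

int demo_invalid_chunk(void)
{
    unsigned char dst[16];
    return safe_copy_chunk(dst, sizeof dst, NULL, 8);   /* -1: error seen, nothing copied */
}

int demo_oversized_chunk(void)
{
    unsigned char dst[4];
    unsigned char src[8] = {0};
    return safe_copy_chunk(dst, sizeof dst, src, sizeof src);   /* -1: would overflow dst */
}

/* Writes one line to a temporary file, reads it back, then reads at EOF.
 * Returns 1 when the first read yields the line and the second reports EOF. */
int demo_fgets_eof(void)
{
    char buf[10];
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs("hello\n", f);
    rewind(f);
    int first = read_line_checked(buf, sizeof buf, f);
    int first_ok = (first == 1 && strcmp(buf, "hello\n") == 0);
    int second = read_line_checked(buf, sizeof buf, f);
    int second_ok = (second == 0 && buf[0] == '\0');
    fclose(f);
    return (first_ok && second_ok) ? 1 : 0;
}

int main(void)
{
    printf("valid copy: %d\n", demo_valid_copy());
    printf("invalid chunk: %d\n", demo_invalid_chunk());
    printf("oversized chunk: %d\n", demo_oversized_chunk());
    printf("fgets EOF handling: %d\n", demo_fgets_eof());
    printf("unchecked length for rc=-1: %zu\n", unchecked_length(-1));
    return 0;
}
```

The important design point is that safe_copy_chunk never lets the status code reach memcpy: the -1 is consumed by the check, and even a valid size is compared against the destination capacity, which the page's original lacks. read_line_checked follows the first mitigation literally, treating the NULL from fgets as a result to act on rather than something that "can never happen".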
| CVE ID | Title | Affected product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-34065 | Nimiq Security Vulnerability | nimiq-primitives | 7.5 | High | 2026-04-22 |
| CVE-2026-35344 | uutils coreutils Security Vulnerability | coreutils | 3.3 | Low | 2026-04-22 |
| CVE-2026-35468 | core-rs-albatross Security Vulnerability | core-rs-albatross | 5.3 | Medium | 2026-04-03 |
| CVE-2026-31830 | Sigstore Security Vulnerability | sigstore-ruby | 7.5 | High | 2026-03-10 |
| CVE-2026-28691 | ImageMagick Buffer Error Vulnerability | ImageMagick | 7.5 | High | 2026-03-09 |
| CVE-2026-0723 | GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability | GitLab | 7.4 | High | 2026-01-22 |
| CVE-2026-21920 | Juniper Networks Junos OS Security Vulnerability | Junos OS | 7.5 | High | 2026-01-15 |
| CVE-2026-0421 | Lenovo ThinkPad BIOS Security Vulnerability | ThinkPad L13 Gen 6 BIOS | 6.5 | Medium | 2026-01-14 |
| CVE-2026-22861 | iccDEV Security Vulnerability | iccDEV | 8.8 | High | 2026-01-13 |
| CVE-2026-21492 | iccDEV Code Issue Vulnerability | iccDEV | 5.5 | Medium | 2026-01-06 |
| CVE-2025-66565 | Fiber Utils Security Feature Issue Vulnerability | utils | 7.5 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-64169 | Wazuh Code Issue Vulnerability | wazuh | 7.5 | - | 2025-11-21 |
| CVE-2025-62791 | Wazuh Code Issue Vulnerability | wazuh | 7.5 (AI) | High (AI) | 2025-10-29 |
| CVE-2025-62789 | Wazuh Code Issue Vulnerability | wazuh | 7.5 (AI) | High (AI) | 2025-10-29 |
| CVE-2025-62785 | Wazuh Code Issue Vulnerability | wazuh | 7.5 (AI) | High (AI) | 2025-10-29 |
| CVE-2025-11839 | GNU Binutils Security Vulnerability | Binutils | 3.3 | Low | 2025-10-16 |
| CVE-2025-61935 | F5 BIG-IP Security Vulnerability | BIG-IP | 7.5 | High | 2025-10-15 |
| CVE-2025-58903 | Fortinet FortiOS Security Vulnerability | FortiOS | 2.5 | Low | 2025-10-14 |
| CVE-2025-55146 | Ivanti multiple products Security Vulnerability | Connect Secure | 4.9 | Medium | 2025-09-09 |
| CVE-2025-54571 | ModSecurity Security Vulnerability | ModSecurity | 6.1 (AI) | Medium (AI) | 2025-08-05 |
| CVE-2025-1394 | Silicon Labs Zigbee EmberZNet SDK Security Vulnerability | Zigbee Stack | 9.1 (AI) | Critical (AI) | 2025-07-30 |
| CVE-2025-46672 | CryptoLib Security Vulnerability | CryptoLib | 3.5 | Low | 2025-04-27 |
| CVE-2024-12650 | WAGO Touch Panel Security Vulnerability | CC100 0751-9x01 | 5.4 | Medium | 2025-03-05 |
| CVE-2025-25724 | libarchive Security Vulnerability | libarchive | 4.0 | Medium | 2025-03-02 |
| CVE-2024-45775 | GNU GRUB Security Vulnerability | - | 5.2 | Medium | 2025-02-18 |
| CVE-2025-0518 | FFmpeg Security Vulnerability | FFmpeg | 6.5 | - | 2025-01-16 |
| CVE-2024-45419 | Zoom multiple products Security Vulnerability | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | 8.1 | High | 2024-11-19 |
| CVE-2024-50306 | Apache Traffic Server (ATS) Security Vulnerability | Apache Traffic Server | 9.8 | - | 2024-11-14 |
| CVE-2024-8110 | Yokogawa Dual-redundant Platform for Computer Security Vulnerability | Dual-redundant Platform for Computer (PC2CKM) | 7.5 | High | 2024-09-17 |
| CVE-2024-42491 | Asterisk Security Vulnerability | asterisk | 5.7 | Medium | 2024-09-05 |

"(AI)" marks a CVSS score or risk level that the source page tags as AI-generated rather than taken from the published record; "-" means the source lists no value.

CWE-252 (Unchecked Return Value) is a common weakness class; this platform indexes 59 CVE vulnerabilities associated with it.