
CWE-253 (Incorrect Check of Function Return Value) — Vulnerability Class 14

14 vulnerabilities classified as CWE-253 (Incorrect Check of Function Return Value). AI Chinese analysis included.

CWE-253 represents a logic flaw where software fails to properly validate the return value of a function call, thereby ignoring potential errors or exceptional conditions. This weakness typically allows attackers to exploit unchecked failures, such as null pointer dereferences or resource leaks, leading to application crashes, data corruption, or denial of service. By bypassing critical error handling mechanisms, malicious actors can manipulate program flow to execute unintended operations or access sensitive memory regions. Developers can prevent this vulnerability by rigorously checking every function return value against expected success states. Implementing comprehensive error handling routines ensures that the application gracefully manages failures, logs appropriate diagnostics, and maintains system integrity rather than proceeding with invalid states that could be leveraged for further exploitation.

MITRE CWE Description
The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions. Important and common functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function.
Common Consequences (1)
Scope: Availability, Integrity
Impact: Unexpected State; DoS: Crash, Exit, or Restart
An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors.
Mitigations (3)
Phase: Architecture and Design. Use a language or compiler that uses exceptions and requires the catching of those exceptions.
Phase: Implementation. Properly check all functions which return a value.
Phase: Implementation. When designing any function, make sure you return a value or throw an exception in case of an error.
Examples (1)
This code attempts to allocate memory for 4 integers and checks if the allocation succeeds.

    int *tmp = malloc(sizeof(int) * 4);
    if (tmp < 0) {
        perror("Failure");  /* should have checked if the call returned 0 (NULL) */
    }

Bad · C
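The corrected form of the MITRE example above, as an added example that is not part of the original page or of MITRE's text: the allocation result is compared against NULL rather than against a negative number, the failure is reported to the caller as a status code, and a batch variant shows the related pattern behind the "false success exit code" entries in the table below, where per-item failures must be folded into the final status. The `g_fail_next_alloc` hook and `checked_malloc` wrapper are assumptions introduced so the failure path can be exercised deterministically; they are not libc features.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum alloc_status { ALLOC_OK = 0, ALLOC_FAILED = -1 };

/* Hypothetical fault-injection hook (not part of libc): when set, the next
 * checked_malloc() call fails the way a real out-of-memory malloc would. */
static int g_fail_next_alloc = 0;

static void *checked_malloc(size_t n)
{
    if (g_fail_next_alloc) {
        g_fail_next_alloc = 0;
        errno = ENOMEM;          /* what a failing malloc sets */
        return NULL;
    }
    return malloc(n);
}

/* Allocate `count` zeroed ints and hand them back through *out.
 * Returns ALLOC_OK or ALLOC_FAILED; on failure *out stays NULL so a
 * caller that ignores the status still cannot dereference garbage. */
static enum alloc_status alloc_ints(size_t count, int **out)
{
    *out = NULL;
    if (count == 0 || count > SIZE_MAX / sizeof(int)) {
        errno = EINVAL;          /* size is meaningless or would overflow */
        return ALLOC_FAILED;
    }
    int *tmp = checked_malloc(sizeof(int) * count);
    if (tmp == NULL) {           /* correct check: NULL, not "< 0" */
        perror("alloc_ints: malloc");
        return ALLOC_FAILED;
    }
    memset(tmp, 0, sizeof(int) * count);
    *out = tmp;
    return ALLOC_OK;
}

/* Caller that honours the status instead of proceeding on an invalid
 * state. Fills the buffer with 1s and returns their sum, or -1 on failure. */
static long fill_and_sum(size_t count)
{
    int *buf;
    if (alloc_ints(count, &buf) != ALLOC_OK)
        return -1;               /* propagate, do not touch buf */
    long sum = 0;
    for (size_t i = 0; i < count; i++) {
        buf[i] = 1;
        sum += buf[i];
    }
    free(buf);
    return sum;
}

/* Batch variant: keep processing after a per-item failure, but remember
 * it. Returns 0 only if every item succeeded; dropping the `status = 1`
 * line would reproduce the "false success" bug. */
static int sum_batch(const size_t *counts, size_t n, long *sums)
{
    int status = 0;
    for (size_t i = 0; i < n; i++) {
        sums[i] = fill_and_sum(counts[i]);
        if (sums[i] < 0)
            status = 1;
    }
    return status;
}

int main(void)
{
    /* Constructed inputs: one valid size, one invalid (0), one valid. */
    size_t counts[3] = {4, 0, 2};
    long sums[3];
    int status = sum_batch(counts, 3, sums);
    printf("batch status=%d sums=%ld,%ld,%ld\n", status, sums[0], sums[1], sums[2]);

    g_fail_next_alloc = 1;       /* simulate out-of-memory on the next call */
    printf("after injected failure: %ld\n", fill_and_sum(4));
    return 0;
}
```

The two checks a reviewer looks for here are that the pointer is compared against NULL (a pointer is never negative, so `tmp < 0` cannot fire) and that every layer returns a status its caller actually consults.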
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-43863 | mutt security vulnerability | mutt | 3.7 | Low | 2026-05-04
CVE-2026-35340 | uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode | coreutils | 5.5 | Medium | 2026-04-22
CVE-2026-35339 | uutils coreutils chmod False Success Exit Code in Recursive Mode | coreutils | 5.5 | Medium | 2026-04-22
CVE-2026-35091 | Corosync: corosync: denial of service and information disclosure via crafted udp packet | Red Hat Enterprise Linux 10 | 8.2 | High | 2026-04-01
CVE-2026-0648 | Eclipse ThreadX USBX security vulnerability | Eclipse ThreadX | 7.8 | High | 2026-01-27
CVE-2025-57767 | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request | asterisk | 7.5 | High | 2025-08-28
CVE-2025-54090 | Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 | Apache HTTP Server | 7.5 | - | 2025-07-23
CVE-2024-43521 | Windows Hyper-V Denial of Service Vulnerability | Windows Server 2019 | 7.5 | High | 2024-10-08
CVE-2024-32475 | Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes | envoy | 7.5 | High | 2024-04-18
CVE-2024-1622 | Routinator terminates when RTR connection is reset too quickly after opening | Routinator | 7.5 | High | 2024-02-26
CVE-2023-24487 | Arbitrary file read | Citrix ADC and Citrix Gateway | 6.3 | Medium | 2023-07-10
CVE-2022-24880 | Potential Captcha Validate Bypass in flask-session-captcha | flask-session-captcha | 5.3 | Medium | 2022-04-25
CVE-2020-6107 | F2fs.Fsck code issue vulnerability | F2fs-Tools | 5.5 | - | 2020-10-15
CVE-2017-7474 | Red Hat Keycloak Node.js adapter security vulnerability | Keycloak Node.js adapter | 9.8 | - | 2017-05-12

Vulnerabilities classified as CWE-253 (Incorrect Check of Function Return Value) represent 14 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.