
CWE-394 (Unexpected Status Code or Return Value) — Vulnerability Class 13

13 vulnerabilities classified as CWE-394 (Unexpected Status Code or Return Value). AI Chinese analysis included.

CWE-394 represents a logic error where software fails to validate return values that are technically valid but semantically unexpected. This weakness arises when developers assume a function’s output will always conform to a specific subset of legitimate results, ignoring other possible valid states. Attackers typically exploit this by manipulating inputs to trigger these unhandled valid responses, potentially bypassing security controls or causing unexpected system behavior. For instance, a function might return a success code for a partial operation, which the application mistakenly interprets as full completion. To prevent this, developers must implement comprehensive error handling that explicitly checks for all documented return values, not just the expected ones. Using strict validation logic and defensive programming techniques ensures that every possible legitimate outcome is accounted for, thereby eliminating ambiguity in application flow and enhancing overall system resilience against logic-based attacks.
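The "success code for a partial operation" case above, as an added example that is not part of the original page: a constructed sink whose `write()` may legitimately return fewer bytes than requested (the same contract as POSIX `write(2)`). The vulnerable caller treats any non-negative return as full completion; the hardened caller enumerates every documented outcome (full write, short write, zero progress, out-of-contract value) before it reports success. `ShortWriteSink`, `save_record_vulnerable`, `save_record_hardened` and `demo` are hypothetical names chosen for this illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ShortWriteSink:
    """Constructed stand-in for a socket or file descriptor whose write()
    may legitimately return fewer bytes than requested."""
    max_chunk: int
    buffer: bytearray = field(default_factory=bytearray)

    def write(self, data: bytes) -> int:
        # Contract: returns the number of bytes accepted, 0 <= n <= len(data).
        n = min(len(data), self.max_chunk)
        self.buffer += data[:n]
        return n


def save_record_vulnerable(sink, record: bytes) -> bool:
    """CWE-394 pattern: only 'error' vs 'not error' is distinguished, so a
    valid short write is reported to the caller as a complete save."""
    n = sink.write(record)
    return n >= 0


def save_record_hardened(sink, record: bytes) -> bool:
    """Accounts for every documented outcome of write(): full write (done),
    short write (retry on the remainder), zero progress (fail), and a value
    outside the contract (fail rather than guess)."""
    remaining = memoryview(record)
    while len(remaining) > 0:
        n = sink.write(bytes(remaining))
        if n < 0 or n > len(remaining):
            return False  # violates the documented contract; do not trust it
        if n == 0:
            return False  # legitimate, but no progress: cannot complete
        remaining = remaining[n:]
    return True


def demo(record: bytes = b"balance=100;owner=alice", chunk: int = 8) -> dict:
    """Runs both versions against identical constructed sinks and reports
    what each one claimed versus how many bytes actually reached the sink."""
    vuln_sink = ShortWriteSink(max_chunk=chunk)
    vuln_claimed = save_record_vulnerable(vuln_sink, record)

    hard_sink = ShortWriteSink(max_chunk=chunk)
    hard_claimed = save_record_hardened(hard_sink, record)

    return {
        "record_length": len(record),
        "vulnerable_claimed_success": vuln_claimed,
        "vulnerable_bytes_persisted": len(vuln_sink.buffer),
        "hardened_claimed_success": hard_claimed,
        "hardened_bytes_persisted": len(hard_sink.buffer),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With an 8-byte chunk limit the vulnerable path reports success after persisting only the first 8 of 23 bytes, which is exactly the integrity consequence listed for this CWE; the hardened path either persists the whole record or returns failure, so a caller can never mistake a partial state for a complete one.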

MITRE CWE Description
The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.
Common Consequences (1)
Scope: Integrity, Other
Impact: Unexpected State, Alter Execution Logic

Vulnerabilities classified as CWE-394 (Unexpected Status Code or Return Value) represent 13 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.