VYPR

CWE-252

Unchecked Return Value

Abstraction: Base · Status: Draft · Likelihood of Exploit: Low

Description

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Two common programmer assumptions are "this function call can never fail" and "it doesn't matter if this function call fails". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the product is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.
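The privilege-drop case in the description above (and the util-linux mount/umount entry listed below, where setuid/setgid are called in the wrong order with their results ignored) is illustrated by the following added example. It is not code from CWE or from any of the projects listed on this page; the function names and the return convention are assumptions of the example. It shows the unchecked shape next to a hardened form that orders the calls correctly, checks every return value, and verifies the resulting identity instead of assuming it.

```c
/* Added example: checked vs. unchecked privilege drop (not from any listed project). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Vulnerable shape, kept for contrast: return values are discarded and the
 * calls are in the wrong order. Once setuid() has given up root, setgid()
 * fails with EPERM, nobody notices, and the process keeps its privileged
 * group. (Hypothetical name; do not use.) */
void drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    setuid(uid);   /* result ignored */
    setgid(gid);   /* may now fail silently: uid is no longer root */
}

/* Hardened form (hypothetical name): group first, while the root uid is still
 * available, then user; each call checked; the final state verified rather
 * than assumed. Returns 0 on success, -1 on failure with errno set. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Post-condition: real and effective ids are exactly what was requested. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }

    /* If we dropped away from root, regaining it must now be impossible.
     * A successful setuid(0) here would mean the saved set-user-ID was kept. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Stand-alone demonstration on the caller's own ids: a no-op drop that
     * must succeed. Run as root with an unprivileged uid/gid to see a real drop. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "drop_privileges failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

The post-condition check matters as much as the return-value check: on some systems setuid() can succeed while leaving a saved set-user-ID of root behind, so the hardened form probes that the drop is irreversible before reporting success.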

CVEs mapped to this weakness (55)

page 3 of 3
  • CVE-2023-37902 (Jul 25, 2023)
    risk 0.00 · cvss: none · epss 0.00

    Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory…

  • CVE-2022-23495 (Dec 8, 2022)
    risk 0.00 · cvss: none · epss 0.01

    go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error…

  • CVE-2022-23476 (Dec 8, 2022)
    risk 0.00 · cvss: none · epss 0.02

    Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when…

  • CVE-2022-40716 (Sep 23, 2022)
    risk 0.00 · cvss: none · epss 0.01

    HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, allowing an attacker who already holds privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.

  • CVE-2022-31170 (Jul 21, 2022)
    risk 0.00 · cvss: none · epss 0.01

    OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance…

  • CVE-2022-31089 (Jun 27, 2022)
    risk 0.00 · cvss: none · epss 0.01

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a…

  • CVE-2022-21211 (Jun 10, 2022)
    risk 0.00 · cvss: none · epss 0.01

    This affects all versions of the package posix. When the toString method is invoked, it falls back to the value 0x0 because toString is not invokable (not a function), and the process then crashes on a type check.

  • CVE-2021-3911 (Nov 11, 2021)
    risk 0.00 · cvss: none · epss 0.01

    If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.

  • CVE-2021-28675 (Jun 2, 2021)
    risk 0.00 · cvss: none · epss 0.01

    An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.

  • CVE-2021-26955 (Feb 9, 2021)
    risk 0.00 · cvss: none · epss 0.02

    An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server.

  • CVE-2021-26958 (Feb 9, 2021)
    risk 0.00 · cvss: none · epss 0.02

    An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.

  • CVE-2020-17533 (Dec 29, 2020)
    risk 0.00 · cvss: none · epss 0.04

    Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and…

  • CVE-2020-15191 (Sep 25, 2020)
    risk 0.00 · cvss: none · epss 0.01

    In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly…

  • CVE-2018-16643 (Sep 6, 2018) severity: Medium
    risk 0.00 · cvss 6.5 · epss 0.03

    The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via…

  • CVE-2007-5191 (Oct 4, 2007)
    risk 0.00 · cvss: none · epss 0.00

    mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.