CWE-253
Incorrect Check of Function Return Value
Description
The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.
Hierarchy (View 1000)
CVEs mapped to this weakness (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7474 | | Critical | 0.64 | 9.8 | 0.03 | | May 12, 2017 | It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks. |
| CVE-2026-0648 | | High | 0.51 | 7.8 | 0.00 | | Jan 27, 2026 | The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Specifically, the current code checks if cntr_id equals 0u to… |
| CVE-2026-35091 | | High | 0.46 | 8.2 | 0.01 | | Apr 1, 2026 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing… |
| CVE-2026-46419 | | High | 0.42 | 7.5 | 0.00 | | May 14, 2026 | Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation. |
| CVE-2026-35340 | | Medium | 0.29 | 5.5 | 0.00 | | Apr 22, 2026 | A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even… |
| CVE-2026-35339 | | Medium | 0.29 | 5.5 | 0.00 | | Apr 22, 2026 | The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0… |
| CVE-2025-11839 | | Low | 0.21 | 3.3 | 0.00 | | Oct 16, 2025 | A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used… |
| CVE-2026-43863 | | Low | 0.17 | 3.7 | 0.00 | | May 4, 2026 | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. |
| CVE-2023-34449 | | | 0.00 | — | 0.01 | | Jun 14, 2023 | ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or… |
| CVE-2022-24880 | | | 0.00 | — | 0.01 | | Apr 25, 2022 | flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty… |