VYPR

CWE-253

Incorrect Check of Function Return Value

Base | Incomplete | Likelihood: Low

Description

The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.

Important and common functions return a value that indicates whether their actions succeeded. This value tells the program whether it needs to handle any errors caused by that function.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (10)

  • CVE-2017-7474 | Cri | May 12, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

  • CVE-2026-0648 | Hig | Jan 27, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Specifically, the current code checks if cntr_id equals 0u to…

  • CVE-2026-35091 | Hig | Apr 1, 2026
    risk 0.46 | cvss 8.2 | epss 0.01

    A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing…

  • CVE-2026-46419 | Hig | May 14, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.

  • CVE-2026-35340 | Med | Apr 22, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even…

  • CVE-2026-35339 | Med | Apr 22, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0…

  • CVE-2025-11839 | Low | Oct 16, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used…

  • CVE-2026-43863 | Low | May 4, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.

  • CVE-2023-34449 | Jun 14, 2023
    risk 0.00 | cvss | epss 0.01

    ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or…

  • CVE-2022-24880 | Apr 25, 2022
    risk 0.00 | cvss | epss 0.01

    flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty…