CWE-253
Incorrect Check of Function Return Value
BaseIncompleteLikelihood: Low
Description
The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.
Important and common functions will return some value about the success of its actions. This will alert the program whether or not to handle any errors caused by that function.
Hierarchy (View 1000)
CVEs mapped to this weakness (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35091 | Hig | 0.53 | 8.2 | 0.01 | Apr 1, 2026 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents | |
| CVE-2026-0648 | Hig | 0.51 | 7.8 | 0.00 | Jan 27, 2026 | The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Specifically, the current code checks if cntr_id equals 0u to determine failure, but @osek_get_counter() actually returns E_OS_SYS_STACK (defined as 12U) when it fails. This mismatch causes the error branch to never execute even when the counter pool is exhausted. As a result, when the counter pool is depleted, the code proceeds to cast the error code (12U) to a pointer (OSEK_COUNTER *), creating a wild pointer. Subsequent writes to members of this pointer lead to writes to illegal memory addresses (e.g., 0x0000000C), which can trigger immediate HardFaults or silent memory corruption. This vulnerability poses significant risks, including potential denial-of-service attacks (via repeated calls to exhaust the counter pool) and unauthorized memory access. | |
| CVE-2026-35340 | Med | 0.29 | 5.5 | 0.00 | Apr 22, 2026 | A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree. | |
| CVE-2026-35339 | Med | 0.29 | 5.5 | 0.00 | Apr 22, 2026 | The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions. | |
| CVE-2026-43863 | Low | 0.24 | 3.7 | 0.00 | May 4, 2026 | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. | |
| CVE-2025-11839 | Low | 0.21 | 3.3 | 0.00 | Oct 16, 2025 | A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. |