CWE-394
Unexpected Status Code or Return Value
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2023-06-29
00h00 +00:00
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Unexpected Status Code or Return Value
The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.
Informations générales
Modes d'introduction
ImplementationPlateformes applicables
Langue
Class: Not Language-Specific (Undetermined)Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Integrity Other | Unexpected State, Alter Execution Logic |
Exemples observés
| Références | Description |
|---|---|
CVE-2004-1395 | Certain packets (zero byte and other lengths) cause a recvfrom call to produce an unexpected return code that causes a server's listening loop to exit. |
CVE-2002-2124 | Unchecked return code from recv() leads to infinite loop. |
CVE-2005-2553 | Kernel function does not properly handle when a null is returned by a function call, causing it to call another function that it shouldn't. |
CVE-2005-1858 | Memory not properly cleared when read() function call returns fewer bytes than expected. |
CVE-2000-0536 | Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname. |
CVE-2001-0910 | Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname. |
CVE-2004-2371 | Game server doesn't check return values for functions that handle text strings and associated size values. |
CVE-2005-1267 | Resultant infinite loop when function call returns -1 value. |
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
NotesNotes
Usually primary, but can be resultant from issues such as behavioral change or API abuse. This can produce resultant vulnerabilities.Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Other_Notes, Relationship_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Mapping_Notes |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.