CWE-252: Unchecked Return Value

ID CWE-252

Abstraction Base

Structure Simple

Status Draft

Number of CVEs 112

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Two common programmer assumptions are "this function call can never fail" and "it doesn't matter if this function call fails". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the product is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.

Modes of Introduction

Phase	Note
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-754	Improper Check for Unusual or Exceptional Conditions	Class	Simple	Incomplete
CWE-1003	Weaknesses for Simplified Mapping of Published Vulnerabilities	Incomplete	CWE-754	Improper Check for Unusual or Exceptional Conditions	Class	Simple	Incomplete
CWE-1000	Research Concepts	Draft	CWE-476	NULL Pointer Dereference	Base	Simple	Stable

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date