CWE-252
AllowedUnchecked Return Value
Abstraction: Base · Status: Draft
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
227 vulnerabilities reference this CWE, most recent first.
GHSA-4X34-CHG5-MWJJ
Vulnerability from github – Published: 2026-07-06 19:27 – Updated: 2026-07-06 19:27In Chmoder::chmod() the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the last file processed:
if self.recursive {
r = self.walk_dir_with_context(file, true); // overwrites r
} else {
r = self.chmod_file(file).and(r);
}
PoC: GNU returns 1 when a file fails; uutils returns 0 if the last entry succeeds:
$ chmod -R 0755 chmod-bug/root chmod-bug/user # GNU -> ret=1
$ uutils chmod -R 0755 chmod-bug/root chmod-bug/user # -> ret=0
Impact: scripts relying on the exit code get a false success signal while some files retained restrictive/unexpected permissions, leading to access-control misconfigurations. Recommendation: accumulate errors during traversal.
Remediation: Acknowledged by Canonical; fixed in commit abd581f6.
Reported by Zellic in the uutils coreutils Program Security Assessment (prepared for Canonical, Jan 20 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242. Finding 3.2. Credit: Zellic.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "uu_chmod"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35339"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-253",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-06T19:27:41Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "In `Chmoder::chmod()` the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the *last* file processed:\n\n```\nif self.recursive {\n r = self.walk_dir_with_context(file, true); // overwrites r\n} else {\n r = self.chmod_file(file).and(r);\n}\n```\n\n**PoC:** GNU returns 1 when a file fails; uutils returns 0 if the last entry succeeds:\n\n```\n$ chmod -R 0755 chmod-bug/root chmod-bug/user # GNU -\u003e ret=1\n$ uutils chmod -R 0755 chmod-bug/root chmod-bug/user # -\u003e ret=0\n```\n\n**Impact:** scripts relying on the exit code get a false success signal while some files retained restrictive/unexpected permissions, leading to access-control misconfigurations. Recommendation: accumulate errors during traversal.\n\n**Remediation:** Acknowledged by Canonical; fixed in commit abd581f6.\n\n---\n_Reported by Zellic in the *uutils coreutils Program Security Assessment* (prepared for Canonical, Jan 20 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`. Finding 3.2. Credit: Zellic._",
"id": "GHSA-4x34-chg5-mwjj",
"modified": "2026-07-06T19:27:41Z",
"published": "2026-07-06T19:27:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/security/advisories/GHSA-4x34-chg5-mwjj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35339"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/pull/9793"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/commit/abd581f62e97d0b147306ac40eac13af71c6fbba"
},
{
"type": "PACKAGE",
"url": "https://github.com/uutils/coreutils"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)"
}
GHSA-5426-CCH2-9RW5
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
{
"affected": [],
"aliases": [
"CVE-2018-14367"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-19T02:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.",
"id": "GHSA-5426-cch2-9rw5",
"modified": "2022-05-13T01:27:51Z",
"published": "2022-05-13T01:27:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14367"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-42.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104847"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041608"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5559-MWX3-3R74
Vulnerability from github – Published: 2025-08-19 18:31 – Updated: 2026-01-07 21:31In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: Add missing check for alloc_ordered_workqueue
Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer.
{
"affected": [],
"aliases": [
"CVE-2025-38602"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-19T17:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: Add missing check for alloc_ordered_workqueue\n\nAdd check for the return value of alloc_ordered_workqueue since it may\nreturn NULL pointer.",
"id": "GHSA-5559-mwx3-3r74",
"modified": "2026-01-07T21:31:39Z",
"published": "2025-08-19T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38602"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e9f85ee3b46453a2f250a57d3a9f10c70c71202"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6663c52608d8d8727bf1911e6d9218069ba1c85e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70a1b527eaea9430b1bd87de59f3b9f6bd225701"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7dd6350307af6521b6240b295c93b7eec4daebe6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/90a0d9f339960448a3acc1437a46730f975efd6a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b398120fbe0acfef60b16f6a0f69902d385d7728"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0e43c3f6c0a79381b468574c241065998412b7c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c80832d445653baba5ac80cd2c2637c437ac881b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca980f1911a7144d451d1c31298ab8507c6bd88f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5C52-PCR5-2P4M
Vulnerability from github – Published: 2025-04-27 03:30 – Updated: 2025-04-27 03:30NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.
{
"affected": [],
"aliases": [
"CVE-2025-46672"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-27T01:15:44Z",
"severity": "LOW"
},
"details": "NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking.",
"id": "GHSA-5c52-pcr5-2p4m",
"modified": "2025-04-27T03:30:22Z",
"published": "2025-04-27T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46672"
},
{
"type": "WEB",
"url": "https://github.com/nasa/CryptoLib/pull/360"
},
{
"type": "WEB",
"url": "https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2"
},
{
"type": "WEB",
"url": "https://securitybynature.fr/post/hacking-cryptolib"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5JVW-5R9C-59Q7
Vulnerability from github – Published: 2022-05-01 02:26 – Updated: 2022-05-01 02:26The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
{
"affected": [],
"aliases": [
"CVE-2005-4360"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-12-20T01:03:00Z",
"severity": "HIGH"
},
"details": "The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to \".dll\" followed by arguments such as \"~0\" through \"~9\", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using \"/_vti_bin/.dll/*/~0\". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).",
"id": "GHSA-5jvw-5r9c-59q7",
"modified": "2022-05-01T02:26:34Z",
"published": "2022-05-01T02:26:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4360"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703"
},
{
"type": "WEB",
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
},
{
"type": "WEB",
"url": "http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/18106"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/271"
},
{
"type": "WEB",
"url": "http://securitytracker.com/alerts/2005/Dec/1015376.html"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/21805"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/419707/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/15921"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2005/2963"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5M9V-M547-62QF
Vulnerability from github – Published: 2026-01-15 00:31 – Updated: 2026-01-15 00:31A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.
{
"affected": [],
"aliases": [
"CVE-2026-0421"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-14T23:15:56Z",
"severity": "HIGH"
},
"details": "A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as \u201cOn\u201d in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.",
"id": "GHSA-5m9v-m547-62qf",
"modified": "2026-01-15T00:31:38Z",
"published": "2026-01-15T00:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0421"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-210688"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5R46-Q4X7-6FX6
Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2022-09-08 00:00A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
{
"affected": [],
"aliases": [
"CVE-2022-1319"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-31T16:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"id": "GHSA-5r46-q4x7-6fx6",
"modified": "2022-09-08T00:00:33Z",
"published": "2022-09-01T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
},
{
"type": "WEB",
"url": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b"
},
{
"type": "WEB",
"url": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"type": "WEB",
"url": "https://issues.redhat.com/browse/UNDERTOW-2060"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221014-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-62PG-X942-M53F
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.
{
"affected": [],
"aliases": [
"CVE-2021-29853"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T17:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.",
"id": "GHSA-62pg-x942-m53f",
"modified": "2022-05-24T19:12:41Z",
"published": "2022-05-24T19:12:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29853"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205529"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6480413"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6676-52PP-H5FG
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
{
"affected": [],
"aliases": [
"CVE-2020-29569"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-15T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-\u003exenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.",
"id": "GHSA-6676-52pp-h5fg",
"modified": "2022-05-24T17:36:34Z",
"published": "2022-05-24T17:36:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29569"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-30"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210205-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-350.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-67XF-XPHQ-9MCC
Vulnerability from github – Published: 2022-08-25 00:00 – Updated: 2025-11-04 00:30A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
{
"affected": [],
"aliases": [
"CVE-2021-4189"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-24T16:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.",
"id": "GHSA-67xf-xphq-9mcc",
"modified": "2025-11-04T00:30:32Z",
"published": "2022-08-25T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4189"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2021-4189"
},
{
"type": "WEB",
"url": "https://bugs.python.org/issue43285"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036020"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
},
{
"type": "WEB",
"url": "https://python-security.readthedocs.io/vuln/ftplib-pasv.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4189"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221104-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-53
Check the results of all functions that return a value and verify that the value is expected.
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Ensure that you account for all possible return values from the function.
Mitigation
When designing a function, make sure you return a value or throw an exception in case of an error.
No CAPEC attack patterns related to this CWE.