CWE-252
AllowedUnchecked Return Value
Abstraction: Base · Status: Draft
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
227 vulnerabilities reference this CWE, most recent first.
GHSA-RCF7-XJFR-3CGC
Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2024-04-04 08:36An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.
Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.
This issue affects:
Juniper Networks Junos OS
- All versions prior to 20.4R3-S7;
- 21.1 versions prior to 21.1R3-S5;
- 21.2 versions prior to 21.2R3-S5;
- 21.3 versions prior to 21.3R3-S4;
- 21.4 versions prior to 21.4R3-S3;
- 22.1 versions prior to 22.1R3-S2;
- 22.2 versions prior to 22.2R2-S2, 22.2R3;
- 22.3 versions prior to 22.3R1-S2, 22.3R2.
Juniper Networks Junos OS Evolved
- All versions prior to 21.4R3-S3-EVO;
- 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;
- 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2023-44182"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-13T00:15:11Z",
"severity": "HIGH"
},
"details": "\nAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\n\nMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n",
"id": "GHSA-rcf7-xjfr-3cgc",
"modified": "2024-04-04T08:36:44Z",
"published": "2023-10-13T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44182"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA73149"
},
{
"type": "WEB",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html"
},
{
"type": "WEB",
"url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RCW6-69H3-89FH
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2025-10-22 00:31smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
{
"affected": [],
"aliases": [
"CVE-2020-7247"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-755",
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-29T16:15:00Z",
"severity": "HIGH"
},
"details": "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.",
"id": "GHSA-rcw6-69h3-89fh",
"modified": "2025-10-22T00:31:50Z",
"published": "2022-05-24T17:07:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7247"
},
{
"type": "WEB",
"url": "https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Jan/51"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4268-1"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4611"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/390745"
},
{
"type": "WEB",
"url": "https://www.openbsd.org/security.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Jan/49"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHMM-FWG9-R5M5
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2025-08-15 21:31In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.
{
"affected": [],
"aliases": [
"CVE-2021-34585"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-26T10:15:00Z",
"severity": "HIGH"
},
"details": "In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.",
"id": "GHSA-rhmm-fwg9-r5m5",
"modified": "2025-08-15T21:31:13Z",
"published": "2022-05-24T19:18:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34585"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16876\u0026token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7\u0026download="
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2021-47"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RJMV-PJ96-38PH
Vulnerability from github – Published: 2022-05-27 00:00 – Updated: 2022-06-08 00:00An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
{
"affected": [],
"aliases": [
"CVE-2022-30783"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-26T16:15:00Z",
"severity": "MODERATE"
},
"details": "An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.",
"id": "GHSA-rjmv-pj96-38ph",
"modified": "2022-06-08T00:00:34Z",
"published": "2022-05-27T00:00:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30783"
},
{
"type": "WEB",
"url": "https://github.com/tuxera/ntfs-3g/releases"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202301-01"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5160"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/06/07/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V2F4-J72X-QFX5
Vulnerability from github – Published: 2023-06-19 12:30 – Updated: 2024-04-04 04:56The return value from gfx::SourceSurfaceSkia::Map() wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.
{
"affected": [],
"aliases": [
"CVE-2023-25733"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-19T11:15:09Z",
"severity": "HIGH"
},
"details": "The return value from `gfx::SourceSurfaceSkia::Map()` wasn\u0027t being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox \u003c 110.",
"id": "GHSA-v2f4-j72x-qfx5",
"modified": "2024-04-04T04:56:31Z",
"published": "2023-06-19T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25733"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808632"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V6H2-V25P-VQ52
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
{
"affected": [],
"aliases": [
"CVE-2016-10061"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-03T17:59:00Z",
"severity": "MODERATE"
},
"details": "The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.",
"id": "GHSA-v6h2-v25p-vq52",
"modified": "2022-05-13T01:10:27Z",
"published": "2022-05-13T01:10:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10061"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/196"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410471"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/26/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95207"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V93W-H828-2462
Vulnerability from github – Published: 2025-07-30 09:31 – Updated: 2025-07-30 09:31Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS).
{
"affected": [],
"aliases": [
"CVE-2025-1394"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-30T08:15:33Z",
"severity": "MODERATE"
},
"details": "Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS).",
"id": "GHSA-v93w-h828-2462",
"modified": "2025-07-30T09:31:22Z",
"published": "2025-07-30T09:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1394"
},
{
"type": "WEB",
"url": "https://community.silabs.com/068Vm00000SkHNX"
},
{
"type": "WEB",
"url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-7.5.0.0.pdf"
},
{
"type": "WEB",
"url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-8.0.3.0.pdf"
},
{
"type": "WEB",
"url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-8.1.0.0.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VJ9C-H3R9-JWRF
Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.
This issue affects Junos OS on SRX Series:
- 23.4 versions before 23.4R2-S5,
- 24.2 versions before 24.2R2-S1,
- 24.4 versions before 24.4R2.
This issue does not affect Junos OS versions before 23.4R1.
{
"affected": [],
"aliases": [
"CVE-2026-21920"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T21:16:08Z",
"severity": "HIGH"
},
"details": "An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\n\nIf an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.\n\nThis issue affects Junos OS on SRX Series:\n\n\n\n * 23.4 versions before 23.4R2-S5,\n * 24.2 versions before 24.2R2-S1,\n * 24.4 versions before 24.4R2.\n\n\n\n\n\n\nThis issue does not affect Junos OS versions before 23.4R1.",
"id": "GHSA-vj9c-h3r9-jwrf",
"modified": "2026-01-15T21:31:48Z",
"published": "2026-01-15T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21920"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA106020"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA106020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VX2V-MJFF-9HJF
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-11-06 18:31In the Linux kernel, the following vulnerability has been resolved:
crypto: safexcel - Add error handling for dma_map_sg() calls
Macro dma_map_sg() may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dma_unmap_sg().
Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE.
{
"affected": [],
"aliases": [
"CVE-2023-52687"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T15:15:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: safexcel - Add error handling for dma_map_sg() calls\n\nMacro dma_map_sg() may return 0 on error. This patch enables\nchecks in case of the macro failure and ensures unmapping of\npreviously mapped buffers with dma_unmap_sg().\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.",
"id": "GHSA-vx2v-mjff-9hjf",
"modified": "2024-11-06T18:31:04Z",
"published": "2024-05-17T15:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52687"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4c0ac81a172a69a7733290915276672787e904ec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8084b788c2fb1260f7d44c032d5124680b20d2b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/87e02063d07708cac5bfe9fd3a6a242898758ac8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc0b785802b856566df3ac943e38a072557001c4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W2MW-45J6-M2CQ
Vulnerability from github – Published: 2023-08-14 06:30 – Updated: 2023-12-31 00:30GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
{
"affected": [],
"aliases": [
"CVE-2023-40303"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-14T05:15:10Z",
"severity": "HIGH"
},
"details": "GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.",
"id": "GHSA-w2mw-45j6-m2cq",
"modified": "2023-12-31T00:30:27Z",
"published": "2023-08-14T06:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40303"
},
{
"type": "WEB",
"url": "https://ftp.gnu.org/gnu/inetutils"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/12/30/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-53
Check the results of all functions that return a value and verify that the value is expected.
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Ensure that you account for all possible return values from the function.
Mitigation
When designing a function, make sure you return a value or throw an exception in case of an error.
No CAPEC attack patterns related to this CWE.