CWE-253
AllowedIncorrect Check of Function Return Value
Abstraction: Base · Status: Incomplete
The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.
38 vulnerabilities reference this CWE, most recent first.
CVE-2017-7474 (GCVE-0-2017-7474)
Vulnerability from cvelistv5 – Published: 2017-05-12 19:00 – Updated: 2024-08-05 16:04| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1445271 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-1203.html | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | Keycloak Node.js adapter |
Affected:
2.5 - 3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Keycloak Node.js adapter",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "2.5 - 3.0"
}
]
}
],
"datePublic": "2017-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Keycloak Node.js adapter",
"version": {
"version_data": [
{
"version_value": "2.5 - 3.0"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-253"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
},
{
"name": "RHSA-2017:1203",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7474",
"datePublished": "2017-05-12T19:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-4X34-CHG5-MWJJ
Vulnerability from github – Published: 2026-07-06 19:27 – Updated: 2026-07-06 19:27In Chmoder::chmod() the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the last file processed:
if self.recursive {
r = self.walk_dir_with_context(file, true); // overwrites r
} else {
r = self.chmod_file(file).and(r);
}
PoC: GNU returns 1 when a file fails; uutils returns 0 if the last entry succeeds:
$ chmod -R 0755 chmod-bug/root chmod-bug/user # GNU -> ret=1
$ uutils chmod -R 0755 chmod-bug/root chmod-bug/user # -> ret=0
Impact: scripts relying on the exit code get a false success signal while some files retained restrictive/unexpected permissions, leading to access-control misconfigurations. Recommendation: accumulate errors during traversal.
Remediation: Acknowledged by Canonical; fixed in commit abd581f6.
Reported by Zellic in the uutils coreutils Program Security Assessment (prepared for Canonical, Jan 20 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242. Finding 3.2. Credit: Zellic.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "uu_chmod"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35339"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-253",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-06T19:27:41Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "In `Chmoder::chmod()` the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the *last* file processed:\n\n```\nif self.recursive {\n r = self.walk_dir_with_context(file, true); // overwrites r\n} else {\n r = self.chmod_file(file).and(r);\n}\n```\n\n**PoC:** GNU returns 1 when a file fails; uutils returns 0 if the last entry succeeds:\n\n```\n$ chmod -R 0755 chmod-bug/root chmod-bug/user # GNU -\u003e ret=1\n$ uutils chmod -R 0755 chmod-bug/root chmod-bug/user # -\u003e ret=0\n```\n\n**Impact:** scripts relying on the exit code get a false success signal while some files retained restrictive/unexpected permissions, leading to access-control misconfigurations. Recommendation: accumulate errors during traversal.\n\n**Remediation:** Acknowledged by Canonical; fixed in commit abd581f6.\n\n---\n_Reported by Zellic in the *uutils coreutils Program Security Assessment* (prepared for Canonical, Jan 20 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`. Finding 3.2. Credit: Zellic._",
"id": "GHSA-4x34-chg5-mwjj",
"modified": "2026-07-06T19:27:41Z",
"published": "2026-07-06T19:27:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/security/advisories/GHSA-4x34-chg5-mwjj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35339"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/pull/9793"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/commit/abd581f62e97d0b147306ac40eac13af71c6fbba"
},
{
"type": "PACKAGE",
"url": "https://github.com/uutils/coreutils"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)"
}
GHSA-75F4-WW24-H9GR
Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-03-23 03:30Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
{
"affected": [],
"aliases": [
"CVE-2024-1622"
],
"database_specific": {
"cwe_ids": [
"CWE-253",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-26T16:27:52Z",
"severity": "HIGH"
},
"details": "Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.",
"id": "GHSA-75f4-ww24-h9gr",
"modified": "2024-03-23T03:30:24Z",
"published": "2024-02-26T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1622"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O"
},
{
"type": "WEB",
"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7R87-CJ48-WJ45
Vulnerability from github – Published: 2022-04-26 21:19 – Updated: 2024-09-20 21:03Impact
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session.
The captcha.validate() function would return None if passed no value (e.g. by submitting a request with an empty form).
If implementing users were checking the return value to be False, the captcha verification check could be bypassed.
Sample vulnerable code:
if captcha.validate() == False:
... # abort
else:
... # do stuff
Patches
A new version (1.2.1) is available that fixes the issue.
Workarounds
Users can workaround the issue by not explicitly checking that the value is False.
Checking the return value less explicitly should still work.
if not captcha.validate():
... # abort
else:
... # do stuff
if captcha.validate():
... # do stuff
else:
... # abort
References
https://github.com/Tethik/flask-session-captcha/pull/27
For more information
If you have any questions or comments about this advisory: * Open an issue in the github repo
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "flask-session-captcha"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24880"
],
"database_specific": {
"cwe_ids": [
"CWE-253",
"CWE-394",
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-26T21:19:52Z",
"nvd_published_at": "2022-04-25T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nflask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session.\n\nThe `captcha.validate()` function would return `None` if passed no value (e.g. by submitting a request with an empty form).\n\nIf implementing users were checking the return value to be **False**, the captcha verification check could be bypassed.\n\nSample vulnerable code:\n```python\nif captcha.validate() == False:\n ... # abort\nelse:\n ... # do stuff\n```\n\n### Patches\nA new version (1.2.1) is available that fixes the issue.\n\n### Workarounds\nUsers can workaround the issue by not explicitly checking that the value is False. \n\nChecking the return value less explicitly should still work. \n\n```python\nif not captcha.validate():\n ... # abort\nelse:\n ... # do stuff\n```\n\n```python\nif captcha.validate():\n ... # do stuff\nelse:\n ... # abort\n```\n\n### References\nhttps://github.com/Tethik/flask-session-captcha/pull/27\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the github repo](https://github.com/Tethik/flask-session-captcha)\n",
"id": "GHSA-7r87-cj48-wj45",
"modified": "2024-09-20T21:03:06Z",
"published": "2022-04-26T21:19:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Tethik/flask-session-captcha/security/advisories/GHSA-7r87-cj48-wj45"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24880"
},
{
"type": "WEB",
"url": "https://github.com/Tethik/flask-session-captcha/pull/27"
},
{
"type": "WEB",
"url": "https://github.com/Tethik/flask-session-captcha/commit/2811ae23a38d33b620fb7a07de8837c6d65c13e4"
},
{
"type": "PACKAGE",
"url": "https://github.com/Tethik/flask-session-captcha"
},
{
"type": "WEB",
"url": "https://github.com/Tethik/flask-session-captcha/releases/tag/v1.2.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/flask-session-captcha/PYSEC-2022-193.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Potential Captcha Validate Bypass in flask-session-captcha"
}
GHSA-853P-5678-HV8F
Vulnerability from github – Published: 2023-06-14 20:11 – Updated: 2023-06-16 17:57Summary
The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is being decoded incorrectly.
Description
Consider this minimal example:
// First contract, this will be performing a delegate call to the `Callee`.
#[ink(storage)]
pub struct Caller {
value: u128,
}
#[ink(message)]
pub fn get_value(&self, callee_code_hash: Hash) -> u128 {
let result = build_call::<DefaultEnvironment>()
.delegate(callee_code_hash)
.exec_input(ExecutionInput::new(Selector::new(ink::selector_bytes!(
"get_value"
))))
.returns::<u128>()
.invoke();
result
}
// Different contract, using this code hash for the delegate call.
#[ink(storage)]
pub struct Callee {
value: u128,
}
#[ink(message)]
pub fn get_value(&self) -> u128 {
self.value
}
In this example we are executing the Callee code in the context of the Caller contract. This means we'll be using the storage values of the Caller contract.
Running this code we expect the delegate call to return value as it was stored in the Caller contract. However, due to the reported bug a different value is returned (for the case of uints it is 256 times the expected value).
Impact
After conducting an analysis of the on-chain deployments of ink! contracts on Astar, Shiden, Aleph Zero, Amplitude and Pendulum, we have found that no contracts on those chains have been affected by the issue.
This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of https://github.com/paritytech/ink/pull/1450. Since this feature was only released in ink! 4.0.0 no previous versions are affected.
Mitigations
If you have an ink! 4.x series contract, please update it to the 4.2.1 patch release that we just published.
Credits
Thank you Facundo Lerena from CoinFabrik for reporting this problem in a well-structured and responsible way.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "ink"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "ink_env"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-34449"
],
"database_specific": {
"cwe_ids": [
"CWE-253",
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-14T20:11:38Z",
"nvd_published_at": "2023-06-14T21:15:09Z",
"severity": "MODERATE"
},
"details": "### Summary\nThe return value when using delegate call mechanics, either through [`CallBuilder::delegate`](https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate) or [`ink_env::invoke_contract_delegate`](https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html), is being decoded incorrectly.\n\n### Description\nConsider this minimal example:\n\n```rust\n// First contract, this will be performing a delegate call to the `Callee`.\n#[ink(storage)]\npub struct Caller {\n value: u128,\n}\n\n#[ink(message)]\npub fn get_value(\u0026self, callee_code_hash: Hash) -\u003e u128 {\n let result = build_call::\u003cDefaultEnvironment\u003e()\n .delegate(callee_code_hash)\n .exec_input(ExecutionInput::new(Selector::new(ink::selector_bytes!(\n \"get_value\"\n ))))\n .returns::\u003cu128\u003e()\n .invoke();\n\n result\n}\n\n// Different contract, using this code hash for the delegate call.\n#[ink(storage)]\npub struct Callee {\n value: u128,\n}\n\n#[ink(message)]\npub fn get_value(\u0026self) -\u003e u128 {\n self.value\n}\n```\n\nIn this example we are executing the `Callee` code in the context of the `Caller` contract. This means we\u0027ll be using the storage values of the `Caller` contract.\n\nRunning this code we expect the delegate call to return `value` as it was stored in the `Caller` contract. However, due to the reported bug a different value is returned (for the case of `uint`s it is `256` times the expected value).\n\n### Impact\nAfter conducting an analysis of the on-chain deployments of ink! contracts on Astar, Shiden, Aleph Zero, Amplitude and Pendulum, we have found that no contracts on those chains have been affected by the issue.\n\nThis bug was related to the mechanics around decoding a call\u0027s return buffer, which was changed as part of https://github.com/paritytech/ink/pull/1450. Since this feature was only released in ink! 4.0.0 no previous versions are affected.\n\n### Mitigations\nIf you have an ink! 4.x series contract, please update it to the [4.2.1](https://github.com/paritytech/ink/releases/tag/v4.2.1) patch release that we just published. \n\n### Credits\nThank you Facundo Lerena from [CoinFabrik](https://www.coinfabrik.com) for reporting this problem in a well-structured and responsible way.",
"id": "GHSA-853p-5678-hv8f",
"modified": "2023-06-16T17:57:43Z",
"published": "2023-06-14T20:11:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/paritytech/ink/security/advisories/GHSA-853p-5678-hv8f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34449"
},
{
"type": "WEB",
"url": "https://github.com/paritytech/ink/pull/1450"
},
{
"type": "WEB",
"url": "https://github.com/paritytech/ink/commit/f1407ee9f87e5f64d467a22d26ee88f61db7f3db"
},
{
"type": "WEB",
"url": "https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate"
},
{
"type": "WEB",
"url": "https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/paritytech/ink"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`"
}
GHSA-88CH-Q68X-36V7
Vulnerability from github – Published: 2026-04-22 18:31 – Updated: 2026-07-06 19:24Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references.
Original Description
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "coreutils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-253"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-29T22:49:39Z",
"nvd_published_at": "2026-04-22T17:16:35Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references.\n\n### Original Description\nA flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.",
"id": "GHSA-88ch-q68x-36v7",
"modified": "2026-07-06T19:24:15Z",
"published": "2026-04-22T18:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35340"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/pull/10035"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/commit/ebc08af9c34138f474b32ea0ef34bed3b086a3ed"
},
{
"type": "PACKAGE",
"url": "https://github.com/uutils/coreutils"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: uutils coreutils has an Incorrect Check of Function Return Value",
"withdrawn": "2026-07-06T19:24:15Z"
}
GHSA-96HM-6C2P-P3F2
Vulnerability from github – Published: 2023-07-10 21:31 – Updated: 2024-04-04 05:54Arbitrary file read in Citrix ADC and Citrix Gateway?
{
"affected": [],
"aliases": [
"CVE-2023-24487"
],
"database_specific": {
"cwe_ids": [
"CWE-253"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-10T21:15:10Z",
"severity": "HIGH"
},
"details": "Arbitrary file read\u00a0in Citrix ADC and Citrix Gateway?",
"id": "GHSA-96hm-6c2p-p3f2",
"modified": "2024-04-04T05:54:07Z",
"published": "2023-07-10T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24487"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CJQJ-VHHM-XQ5X
Vulnerability from github – Published: 2025-07-23 15:31 – Updated: 2025-11-05 00:31A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2025-54090"
],
"database_specific": {
"cwe_ids": [
"CWE-253"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-23T14:15:34Z",
"severity": "MODERATE"
},
"details": "A bug in Apache HTTP Server 2.4.64 results in all \"RewriteCond expr ...\" tests evaluating as \"true\".\n\n\n\nUsers are recommended to upgrade to version 2.4.65, which fixes the issue.",
"id": "GHSA-cjqj-vhhm-xq5x",
"modified": "2025-11-05T00:31:22Z",
"published": "2025-07-23T15:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54090"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=44666896"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/24/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-G7M5-W98F-VQG2
Vulnerability from github – Published: 2026-05-04 09:31 – Updated: 2026-05-04 09:31mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
{
"affected": [],
"aliases": [
"CVE-2026-43863"
],
"database_specific": {
"cwe_ids": [
"CWE-253"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T07:16:01Z",
"severity": "LOW"
},
"details": "mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.",
"id": "GHSA-g7m5-w98f-vqg2",
"modified": "2026-05-04T09:31:09Z",
"published": "2026-05-04T09:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43863"
},
{
"type": "WEB",
"url": "https://github.com/muttmua/mutt/commit/fdc04a171777327218a1e78db504926c388b48c4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GXH2-P3FJ-8CC8
Vulnerability from github – Published: 2023-09-12 21:30 – Updated: 2024-04-04 07:38User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.
Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.
Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.
{
"affected": [],
"aliases": [
"CVE-2023-4501"
],
"database_specific": {
"cwe_ids": [
"CWE-253",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-12T19:15:36Z",
"severity": "CRITICAL"
},
"details": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\n\nMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\n\nAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\n",
"id": "GHSA-gxh2-p3fj-8cc8",
"modified": "2024-04-04T07:38:23Z",
"published": "2023-09-12T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4501"
},
{
"type": "WEB",
"url": "https://portal.microfocus.com/s/article/KM000021287"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Use a language or compiler that uses exceptions and requires the catching of those exceptions.
Mitigation
Properly check all functions which return a value.
Mitigation
When designing any function make sure you return a value or throw an exception in case of an error.
No CAPEC attack patterns related to this CWE.