CWE-389: Error Conditions, Return Values, Status Codes
Category ID: 389 (Category)
If a function in a product does not generate the correct return/status codes, or if the product does not handle all possible return/status codes that could be generated by a function, then security issues may result.
This type of problem is most often found in conditions that are rarely encountered during the normal operation of the product. Presumably, most bugs related to common conditions are found and eliminated during development and testing. In some cases, the attacker can directly control or influence the environment to trigger the rare conditions.
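The following added example is not part of the CWE entry. It shows a caller that handles every value `read()` can return, including the rarely exercised cases of a short read, a signal interruption and an early end of input. The names `rf_status`, `read_full` and `demo` are hypothetical, and the pipe contents are constructed sample input.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Each outcome of read() maps to a distinct status (hypothetical names). */
enum rf_status { RF_OK = 0, RF_EOF = 1, RF_ERR = 2 };

/* Read exactly len bytes, handling every value read() can return. */
enum rf_status read_full(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;      /* interrupted by a signal: retry */
            return RF_ERR;     /* genuine I/O error, errno is set */
        }
        if (n == 0)
            return RF_EOF;     /* input ended early: buffer is incomplete */
        p += n;                /* short read: continue with the remainder */
        len -= (size_t)n;
    }
    return RF_OK;
}

/* Constructed input: a pipe holding `avail` bytes; `want` bytes are requested. */
int demo(size_t avail, size_t want)
{
    static const char sample[] = "0123456789abcdef";
    char out[sizeof sample];
    int fds[2];
    if (avail > sizeof sample || want > sizeof out || pipe(fds) != 0)
        return -1;
    ssize_t w = write(fds[1], sample, avail);
    close(fds[1]);             /* reader sees EOF after `avail` bytes */
    int rc = (w == (ssize_t)avail) ? (int)read_full(fds[0], out, want) : -1;
    close(fds[0]);
    return rc;
}

int main(void)
{
    /* A truncated record must be reported, not treated as complete. */
    return (demo(16, 16) == RF_OK && demo(5, 16) == RF_EOF) ? 0 : 1;
}
```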
the weakness exists independent of other weaknesses)
Many researchers focus on the resultant weaknesses and do not necessarily
diagnose whether a rare condition is the primary factor. However, since 2005
it seems to be reported more frequently than in the past. This subject needs