CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.10)  
ID

CWE-394: Unexpected Status Code or Return Value

Weakness ID: 394
Abstraction: Base
Status: Draft
Presentation Filter:
+ Description

Description Summary

The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Integrity
Other

Technical Impact: Unexpected state; Alter execution logic

+ Observed Examples
ReferenceDescription
Certain packets (zero byte and other lengths) cause a recvfrom call to produce an unexpected return code that causes a server's listening loop to exit.
Unchecked return code from recv() leads to infinite loop.
Kernel function does not properly handle when a null is returned by a function call, causing it to call another function that it shouldn't.
Memory not properly cleared when read() function call returns fewer bytes than expected.
Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.
Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.
Game server doesn't check return values for functions that handle text strings and associated size values.
Resultant infinite loop when function call returns -1 value.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory389Error Conditions, Return Values, Status Codes
Development Concepts (primary)699
ChildOfCategoryCategory728OWASP Top Ten 2004 Category A7 - Improper Error Handling
Weaknesses in OWASP Top Ten (2004) (primary)711
ChildOfWeakness ClassWeakness Class754Improper Check for Unusual or Exceptional Conditions
Research Concepts (primary)1000
ChildOfCategoryCategory962SFP Secondary Cluster: Unchecked Status Condition
Software Fault Pattern (SFP) Clusters (primary)888
+ Relationship Notes

Usually primary, but can be resultant from issues such as behavioral change or API abuse. This can produce resultant vulnerabilities.

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERUnexpected Status Code or Return Value
Software Fault PatternsSFP4Unchecked Status Condition
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other_Notes, Taxonomy_Mappings
2009-03-10CWE Content TeamMITREInternal
updated Relationships
2009-12-28CWE Content TeamMITREInternal
updated Other_Notes, Relationship_Notes
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2011-06-27CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Relationships
2014-07-30CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings

More information is available — Please select a different filter.
Page Last Updated: January 18, 2017