CWE-253 – Incorrect Check of Function Return Value

Description

The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.

Many important and commonly used functions return a value indicating whether their action succeeded. That value tells the program whether it needs to handle an error caused by the function.
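An added illustration of this weakness (not from the original page): `snprintf` returns the length the full string would have had, so a caller that tests only for a negative value treats truncated output as success. The helper names and sample paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers: join dir and name into out (capacity cap).
 * Both are meant to return 0 on success and -1 on failure. */

/* Incorrect check (CWE-253): the return value is inspected, but against
 * the wrong condition. Truncation is signalled by n >= cap, not n < 0. */
int join_path_bad(char *out, size_t cap, const char *dir, const char *name)
{
    int n = snprintf(out, cap, "%s/%s", dir, name);
    if (n < 0)                 /* catches only output/encoding errors */
        return -1;
    return 0;                  /* a truncated path is reported as success */
}

/* Correct check: reject both the error case and the truncation case. */
int join_path_good(char *out, size_t cap, const char *dir, const char *name)
{
    int n = snprintf(out, cap, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return 0;
}

int main(void)
{
    char buf[16];
    const char *dir = "/var/app/data";     /* constructed sample input */
    const char *name = "report.txt.bak";   /* constructed sample input */

    int rc = join_path_bad(buf, sizeof buf, dir, name);
    printf("bad:  rc=%d out=\"%s\"\n", rc, buf);   /* caller proceeds with a wrong path */

    rc = join_path_good(buf, sizeof buf, dir, name);
    printf("good: rc=%d\n", rc);                   /* caller sees the failure */
    return 0;
}
```

The caller of the first helper continues with a path that names a different file than intended, which is the unexpected state described under Consequences.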

Modes of Introduction:

– Implementation

Likelihood of Exploit: Low

Related Weaknesses

CWE-573
CWE-754

Consequences

Availability, Integrity: Unexpected State, DoS: Crash, Exit, or Restart

An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors.

Potential Mitigations

Phase: Architecture and Design

Description: Use a language or compiler that uses exceptions and requires the catching of those exceptions.

Phase: Implementation

Description: Properly check the return value of every function that returns one.

Phase: Implementation

Description: When designing any function, make sure it returns a value or throws an exception in case of an error.

CVE References