Description

The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-754

Consequences

Integrity, Other: Unexpected State, Alter Execution Logic

Potential Mitigations

CVE References

• CVE-2004-1395
  • Certain packets (zero byte and other lengths) cause a recvfrom call to produce an unexpected return code that causes a server’s listening loop to exit.

• CVE-2002-2124
  • Unchecked return code from recv() leads to infinite loop.

• CVE-2005-2553
  • Kernel function does not properly handle when a null is returned by a function call, causing it to call another function that it shouldn’t.

• CVE-2005-1858
  • Memory not properly cleared when read() function call returns fewer bytes than expected.

• CVE-2000-0536
  • Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.

• CVE-2001-0910
  • Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.

• CVE-2004-2371
  • Game server doesn’t check return values for functions that handle text strings and associated size values.

• CVE-2005-1267
  • Resultant infinite loop when function call returns -1 value.