Unexpected Status Code or Return Value
Weakness ID: 394 (Weakness Base)
Status: Draft
+ Description

Description Summary

The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Observed Examples
CVE-2004-1395: Certain packets (zero byte and other lengths) cause a recvfrom call to produce an unexpected return code that causes a server's listening loop to exit.
CVE-2002-2124: Unchecked return code from recv() leads to infinite loop.
CVE-2005-2553: Kernel function does not properly handle when a null is returned by a function call, causing it to call another function that it shouldn't.
CVE-2005-1858: Memory not properly cleared when read() function call returns fewer bytes than expected.
CVE-2000-0536: Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.
CVE-2001-0910: Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.
CVE-2004-2371: Game server doesn't check return values for functions that handle text strings and associated size values.
CVE-2005-1267: Resultant infinite loop when function call returns -1 value.
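
An added example, not part of the CWE entry, of the check that the recv()/read() entries above describe as missing: each legitimate read() outcome (short count, zero, -1) gets its own branch, and the unfilled part of the buffer is cleared. The names `read_exact`, `demo_truncated_record` and `rx_status` are hypothetical, and the pipe input is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum rx_status { RX_OK = 0, RX_EOF = 1, RX_ERR = -1 };

/* Hypothetical helper: fill buf with exactly `want` bytes from fd. */
enum rx_status read_exact(int fd, unsigned char *buf, size_t want, size_t *got)
{
    *got = 0;
    while (*got < want) {
        ssize_t n = read(fd, buf + *got, want - *got);
        if (n > 0) {                 /* short count is legal: keep reading */
            *got += (size_t)n;
            continue;
        }
        if (n < 0 && errno == EINTR) /* interrupted by a signal: retry */
            continue;
        /* n == 0 (peer closed) or hard error: zero the unfilled tail so
         * stale buffer contents are never treated as received data. */
        memset(buf + *got, 0, want - *got);
        return n == 0 ? RX_EOF : RX_ERR;
    }
    return RX_OK;
}

/* Constructed input: the peer sends 3 bytes of a larger record, then closes. */
int demo_truncated_record(unsigned char *buf, size_t len, size_t *got)
{
    int p[2];
    *got = 0;
    if (len < 3 || pipe(p) != 0)
        return RX_ERR;
    memset(buf, 0xAA, len);          /* stale data left from an earlier use */
    ssize_t w = write(p[1], "abc", 3);
    close(p[1]);
    enum rx_status st = (w == 3) ? read_exact(p[0], buf, len, got) : RX_ERR;
    close(p[0]);
    return st;
}

int main(void)
{
    unsigned char rec[8]; size_t got;
    int st = demo_truncated_record(rec, sizeof rec, &got);
    printf("status=%d got=%zu tail=%02x\n", st, got, rec[7]);
    return st == RX_EOF ? 0 : 1;
}
```

The caller receives a status that separates a complete record from a truncated one and from a failure, so a loop built on it can terminate on RX_EOF or RX_ERR instead of spinning or exiting on a value it never anticipated.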
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
| ChildOf | Category | 389 | Error Conditions, Return Values, Status Codes | Development Concepts (primary) 699 |
| ChildOf | Category | 728 | OWASP Top Ten 2004 Category A7 - Improper Error Handling | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
| ChildOf | Weakness Class | 754 | Improper Check for Unusual or Exceptional Conditions | Research Concepts (primary) 1000 |
+ Relationship Notes

Usually primary, but can be resultant from issues such as behavioral change or API abuse. This can produce resultant vulnerabilities.

+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
| PLOVER | | | Unexpected Status Code or Return Value |
+ Content History
| Submission Date | Submitter | Organization | Source |
| | PLOVER | | Externally Mined |
| Modification Date | Modifier | Organization | Source |
| 2008-07-01 | Eric Dalci | Cigital | External |
  updated Time of Introduction
| 2008-09-08 | CWE Content Team | MITRE | Internal |
  updated Relationships, Other Notes, Taxonomy Mappings
| 2009-03-10 | CWE Content Team | MITRE | Internal |
  updated Relationships
| 2009-12-28 | CWE Content Team | MITRE | Internal |
  updated Other Notes, Relationship Notes