CWE-253: Incorrect Check of Function Return Value
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.
Extended Description
Important and common functions return a value that indicates whether their actions succeeded. That value tells the program whether it must handle an error caused by the function; if the program tests it incorrectly, a failure can be mistaken for success (or vice versa) and go unhandled.
Common Consequences
Scope: Availability, Integrity
Technical Impact: Unexpected State; DoS: Crash, Exit, or Restart
Note: An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors.
Potential Mitigations
Phase: Architecture and Design
Strategy: Language Selection
Description: Use a language or compiler that uses exceptions and requires the catching of those exceptions.
Phase: Implementation
Description: Properly check all functions which return a value.
Phase: Implementation
Description: When designing any function, make sure you return a value or throw an exception in case of an error.
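A common shape of this weakness in C, shown here as an added example that is not part of the CWE entry: snprintf() returns the number of characters that would have been written, so a check for a negative result alone catches encoding errors but not truncation. The function names and the sample path components are constructed for the illustration; build_path_bad() keeps the incorrect check and build_path_good() shows the corrected one.

```c
#include <stdio.h>
#include <string.h>

/* Incorrect check (CWE-253): testing only for n < 0 reports encoding
 * failures but treats a truncated path as success, so the caller goes on
 * to use a wrong filename. */
int build_path_bad(char *out, size_t outsz, const char *dir, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0)
        return -1;          /* only encoding errors are reported */
    return 0;               /* truncation goes undetected */
}

/* Correct check: a result >= outsz means the output did not fit.
 * Returns 0 on success, -1 on an encoding error, -2 on truncation. */
int build_path_good(char *out, size_t outsz, const char *dir, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0)
        return -1;
    if ((size_t)n >= outsz) {
        out[0] = '\0';      /* do not hand back a partially built path */
        return -2;
    }
    return 0;
}

int main(void)
{
    char buf[16];
    /* constructed sample input: the joined path is 30 bytes, buf holds 16 */
    const char *dir = "/var/cache/app";
    const char *name = "index-entry.dat";
    int rc;

    rc = build_path_bad(buf, sizeof buf, dir, name);
    printf("bad : rc=%d path=\"%s\"\n", rc, buf);   /* rc=0, truncated path */

    rc = build_path_good(buf, sizeof buf, dir, name);
    printf("good: rc=%d path=\"%s\"\n", rc, buf);   /* rc=-2, empty path */
    return 0;
}
```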
Observed Examples
Reference: CVE-2023-49286
Chain: function in web caching proxy does not correctly check a return value (CWE-253) leading to a reachable assertion (CWE-617)
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Fit Name | Mapping Fit |
|---|---|---|---|
| CLASP | - | Misinterpreted function return value | - |
| Software Fault Patterns | SFP4 | Unchecked Status Condition | - |
| CERT C Secure Coding | ERR33-C | Detect and handle standard library errors | Imprecise |
| CERT C Secure Coding | POS54-C | Detect and handle POSIX library errors | Imprecise |