CWE-252: Unchecked Return Value
162 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-252 (page 2 of 4)
- CVE-2021-38114 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-08-04
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
- CVE-2021-38171 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-08-21
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
- CVE-2021-3911 | MEDIUM | CVSS 4.2 | EG 4.2 | 2021-11-11
If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.
- CVE-2021-39643 | MEDIUM | CVSS 6.7 | EG 6.7 | 2021-12-15
In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges ne…
- CVE-2021-3998 | HIGH | CVSS 7.5 | EG 7.5 | 2022-08-24
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
- CVE-2021-40401 | HIGH | CVSS 8.6 | EG 7.8 | 2022-02-04
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker ca…
- CVE-2021-41041 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-04-27
In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandl…
- CVE-2021-4189 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-08-24
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a…
- CVE-2021-42780 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-04-18
A use-after-return issue was found in OpenSC before version 0.22.0 in the insert_pin function that could potentially crash programs using the library.
- CVE-2021-47360 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-05-21
In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete. During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed usi…
- CVE-2022-0485 | MEDIUM | CVSS 4.8 | EG 7.4 | 2022-08-29
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *e…
- CVE-2022-0907 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-03-11
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial of service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
- CVE-2022-1319 | HIGH | CVSS 7.5 | EG 7.5 | 2022-08-31
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused …
- CVE-2022-21211 | MEDIUM | CVSS 5.9 | EG 7.5 | 2022-06-10
This affects all versions of package posix. When invoking the toString method, it will fall back to the 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with a type check.
- CVE-2022-22231 | HIGH | CVSS 7.5 | EG 7.5 | 2022-10-18
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unifi…
- CVE-2022-22233 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-10-18
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service…
- CVE-2022-23476 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-08
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead…
- CVE-2022-23495 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-08
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A `ProtoNode` may be modified in such a way as to cause various encode errors which will trigger a panic on common meth…
- CVE-2022-23626 | HIGH | CVSS 8.5 | EG 8.5 | 2022-02-08
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original fil…
- CVE-2022-23806 | CRITICAL | CVSS 9.1 | EG 9.1 | 2022-02-11
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
- CVE-2022-25718 | CRITICAL | CVSS 9.1 | EG 9.8 | 2022-10-19
Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…
- CVE-2022-30783 | MEDIUM | CVSS 6.7 | EG 6.7 | 2022-05-26
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
- CVE-2022-3108 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-12-14
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks a check of the return value of kmemdup().
- CVE-2022-31089 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-27
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running mult…
- CVE-2022-31170 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-22
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully ret…
- CVE-2022-31220 | LOW | CVSS 3.0 | EG 5.1 | 2022-09-12
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
- CVE-2022-31225 | LOW | CVSS 3.0 | EG 5.1 | 2022-09-12
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
- CVE-2022-3807 | MEDIUM | CVSS 4.3 | EG 6.5 | 2022-11-01
A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attac…
- CVE-2022-38936 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-23
An issue has been found in PBC through 2022-8-27. A SEGV issue was detected in the function pbc_wmessage_integer in src/wmessage.c:137.
- CVE-2022-40279 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-29
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (…
- CVE-2022-40716 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-09-23
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11…
- CVE-2022-43763 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-08
Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.
- CVE-2022-43765 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-08
B&R APROL versions < R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service.
- CVE-2022-46897 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-22
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions.
- CVE-2023-23003 | MEDIUM | CVSS 4.0 | EG 7.8 | 2023-03-01
In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.
- CVE-2023-24825 | HIGH | CVSS 7.5 | EG 7.5 | 2023-05-30
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer …
- CVE-2023-25733 | HIGH | CVSS 7.5 | EG 7.5 | 2023-06-19
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified, which could have potentially led to a null pointer dereference. This vulnerability affects Firefox < 110.
- CVE-2023-26591 | LOW | CVSS 2.0 | EG 2.0 | 2024-02-14
Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access.
- CVE-2023-29243 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-08-11
Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a privileged user to potentially enable denial of service via local access.
- CVE-2023-3013 | HIGH | CVSS 7.1 | EG 4.4 | 2023-05-31
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
- CVE-2023-3247 | LOW | CVSS 2.6 | EG 2.6 | 2023-07-22
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In cas…
- CVE-2023-37902 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-07-25
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin wi…
- CVE-2023-40067 | MEDIUM | CVSS 5.7 | EG 5.7 | 2024-08-14
Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
- CVE-2023-40303 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-14
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a proce…
- CVE-2023-41092 | HIGH | CVSS 7.6 | EG 7.6 | 2024-05-16
Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access.
- CVE-2023-4162 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-08-31
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated, privileged local user to crash a Brocade Fabri…
- CVE-2023-44182 | HIGH | CVSS 7.3 | EG 7.3 | 2023-10-13
An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web U…
- CVE-2023-44322 | LOW | CVSS 3.7 | EG 3.7 | 2023-11-14
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8…
- CVE-2023-47480 | HIGH | CVSS 8.4 | EG 8.4 | 2024-09-20
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id() functions.
- CVE-2023-50359 | LOW | CVSS 3.4 | EG 3.4 | 2024-02-02
An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a …