CWE

Error Conditions, Return Values, Status Codes

ID: 389		Date: (C)2012-05-14   (M)2022-10-10
Type: category		Status: INCOMPLETE

Description

If a function in a product does not generate the correct return/status codes, or if the product does not handle all possible return/status codes that could be generated by a function, then security issues may result.

Extended Description

This type of problem is most often found in conditions that are rarely encountered during the normal operation of the product. Presumably, most bugs related to common conditions are found and eliminated during development and testing. In some cases, the attacker can directly control or influence the environment to trigger the rare conditions.

Applicable Platforms
Language Class: All

Common Consequences
None

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-389 ChildOf CWE-388	Category	CWE-699

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
PLOVER		Error Conditions, Return Values, Status Codes

References:
None