Base · Medium

CWE-394: Unexpected Status Code or Return Value

The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.

CWE-394 · Base Level · 8 CVEs

Potential Impact

Scope: Integrity, Other

Technical Impact: Unexpected State, Alter Execution Logic

Detection Methods

  • Automated Static Analysis (Effectiveness: High): Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

CVE ID         Description
CVE-2004-1395  Certain packets (zero byte and other lengths) cause a recvfrom call to produce an unexpected return code that causes a server's listening loop to exit.
CVE-2002-2124  Unchecked return code from recv() leads to infinite loop.
CVE-2005-2553  Kernel function does not properly handle when a null is returned by a function call, causing it to call another function that it shouldn't.
CVE-2005-1858  Memory not properly cleared when read() function call returns fewer bytes than expected.
CVE-2000-0536  Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.
CVE-2001-0910  Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.
CVE-2004-2371  Game server doesn't check return values for functions that handle text strings and associated size values.
CVE-2005-1267  Resultant infinite loop when function call returns -1 value.
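The recv()/read() entries above (CVE-2002-2124, CVE-2005-1858, CVE-2005-1267) share one shape: the caller assumes a single read returns the full buffer, while 0 (peer closed), -1 (error, including EINTR) and a short count are all legitimate results. The following is an added example, not code from CWE or from any cited CVE; read_full, demo_short_input and the enum names are this example's own, and the pipe input is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Outcomes of read_full(); the names are this example's own. */
enum read_status { READ_OK = 0, READ_EOF = 1, READ_ERR = 2 };

/* Vulnerable shape: n = read(fd, buf, len); then n is used as if it
 * were len. A short read leaves the tail of buf uninitialised, 0 is
 * mistaken for data, and -1 becomes a huge length once made unsigned. */

/* Hardened version: every legitimate return value is handled. Loops
 * until len bytes arrive, retries on EINTR, and reports EOF and errors
 * as distinct states; *got receives the number of bytes actually read. */
static enum read_status read_full(int fd, char *buf, size_t len, size_t *got)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted, not a failure: retry */
            *got = off;
            return READ_ERR;
        }
        if (n == 0) {              /* peer closed before len bytes: EOF */
            *got = off;
            return READ_EOF;
        }
        off += (size_t)n;
    }
    *got = off;
    return READ_OK;
}

/* Constructed demo: a pipe that carries only 4 of the 8 bytes the reader
 * expects, then closes. Returns read_full()'s verdict; *got is set to 4. */
static enum read_status demo_short_input(size_t *got)
{
    int fds[2];
    char buf[8];
    if (pipe(fds) != 0) return READ_ERR;
    (void)write(fds[1], "abcd", 4);
    close(fds[1]);                 /* sender gone, so read() returns 0 */
    enum read_status st = read_full(fds[0], buf, sizeof buf, got);
    close(fds[0]);
    return st;
}
```

A caller that distinguishes READ_EOF from READ_OK never treats the 4 received bytes as a full 8-byte record, which is the check missing in the CVEs listed above.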

Taxonomy Mappings

  • PLOVER: Unexpected Status Code or Return Value
  • Software Fault Patterns: SFP4 — Unchecked Status Condition
  • SEI CERT Perl Coding Standard: EXP00-PL — Do not return undef

Frequently Asked Questions

What is CWE-394?

CWE-394 (Unexpected Status Code or Return Value) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.

How can CWE-394 be exploited?

Attackers can exploit CWE-394 (Unexpected Status Code or Return Value) to cause an unexpected state or alter execution logic. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-394?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-394?

CWE-394 is classified as a Base-level weakness (Medium abstraction). It has been observed in 8 real-world CVEs.