Common Weakness Enumeration

CWE-252

Allowed

Unchecked Return Value

Abstraction: Base · Status: Draft

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

227 vulnerabilities reference this CWE, most recent first.

GHSA-RCF7-XJFR-3CGC

Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2024-04-04 08:36
VLAI
Details

An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.

Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.

This issue affects:

Juniper Networks Junos OS

  • All versions prior to 20.4R3-S7;
  • 21.1 versions prior to 21.1R3-S5;
  • 21.2 versions prior to 21.2R3-S5;
  • 21.3 versions prior to 21.3R3-S4;
  • 21.4 versions prior to 21.4R3-S3;
  • 22.1 versions prior to 22.1R3-S2;
  • 22.2 versions prior to 22.2R2-S2, 22.2R3;
  • 22.3 versions prior to 22.3R1-S2, 22.3R2.

Juniper Networks Junos OS Evolved

  • All versions prior to 21.4R3-S3-EVO;
  • 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;
  • 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-13T00:15:11Z",
    "severity": "HIGH"
  },
  "details": "\nAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\n\nMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n  *  All versions prior to 20.4R3-S7;\n  *  21.1 versions prior to 21.1R3-S5;\n  *  21.2 versions prior to 21.2R3-S5;\n  *  21.3 versions prior to 21.3R3-S4;\n  *  21.4 versions prior to 21.4R3-S3;\n  *  22.1 versions prior to 22.1R3-S2;\n  *  22.2 versions prior to 22.2R2-S2, 22.2R3;\n  *  22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n  *  All versions prior to 21.4R3-S3-EVO;\n  *  22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\n  *  22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n",
  "id": "GHSA-rcf7-xjfr-3cgc",
  "modified": "2024-04-04T08:36:44Z",
  "published": "2023-10-13T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44182"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA73149"
    },
    {
      "type": "WEB",
      "url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html"
    },
    {
      "type": "WEB",
      "url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCW6-69H3-89FH

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2025-10-22 00:31
VLAI
Details

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252",
      "CWE-755",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-29T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.",
  "id": "GHSA-rcw6-69h3-89fh",
  "modified": "2025-10-22T00:31:50Z",
  "published": "2022-05-24T17:07:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2020/Jan/51"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4268-1"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4611"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/390745"
    },
    {
      "type": "WEB",
      "url": "https://www.openbsd.org/security.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Jan/49"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/01/28/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RHMM-FWG9-R5M5

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2025-08-15 21:31
VLAI
Details

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-26T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.",
  "id": "GHSA-rhmm-fwg9-r5m5",
  "modified": "2025-08-15T21:31:13Z",
  "published": "2022-05-24T19:18:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34585"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16876\u0026token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7\u0026download="
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2021-47"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJMV-PJ96-38PH

Vulnerability from github – Published: 2022-05-27 00:00 – Updated: 2022-06-08 00:00
VLAI
Details

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30783"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-26T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.",
  "id": "GHSA-rjmv-pj96-38ph",
  "modified": "2022-06-08T00:00:34Z",
  "published": "2022-05-27T00:00:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30783"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tuxera/ntfs-3g/releases"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JPX6OUCQKZX4PN5DQPVDUFZCOOZUX7Z"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECDCISL24TYH4CTDFCUVF24WAKRSYF7F"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAXFYIJWT5SHHRNPOJETM77EIMJ6ZP6I"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEXHDCUSLJD2HSPMAAVZ5AWMPUOG6UI7"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202301-01"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5160"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/06/07/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V2F4-J72X-QFX5

Vulnerability from github – Published: 2023-06-19 12:30 – Updated: 2024-04-04 04:56
VLAI
Details

The return value from gfx::SourceSurfaceSkia::Map() wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25733"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-19T11:15:09Z",
    "severity": "HIGH"
  },
  "details": "The return value from `gfx::SourceSurfaceSkia::Map()` wasn\u0027t being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox \u003c 110.",
  "id": "GHSA-v2f4-j72x-qfx5",
  "modified": "2024-04-04T04:56:31Z",
  "published": "2023-06-19T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25733"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808632"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V6H2-V25P-VQ52

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
VLAI
Details

The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-03T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.",
  "id": "GHSA-v6h2-v25p-vq52",
  "modified": "2022-05-13T01:10:27Z",
  "published": "2022-05-13T01:10:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10061"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/196"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410471"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95207"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V93W-H828-2462

Vulnerability from github – Published: 2025-07-30 09:31 – Updated: 2025-07-30 09:31
VLAI
Details

Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-30T08:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS).",
  "id": "GHSA-v93w-h828-2462",
  "modified": "2025-07-30T09:31:22Z",
  "published": "2025-07-30T09:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1394"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/068Vm00000SkHNX"
    },
    {
      "type": "WEB",
      "url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-7.5.0.0.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-8.0.3.0.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-8.1.0.0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VJ9C-H3R9-JWRF

Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31
VLAI
Details

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.

This issue affects Junos OS on SRX Series:

  • 23.4 versions before 23.4R2-S5,
  • 24.2 versions before 24.2R2-S1,
  • 24.4 versions before 24.4R2.

This issue does not affect Junos OS versions before 23.4R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21920"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-15T21:16:08Z",
    "severity": "HIGH"
  },
  "details": "An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\n\nIf an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.\n\nThis issue affects Junos OS on SRX Series:\n\n\n\n  *  23.4 versions before 23.4R2-S5,\n  *  24.2 versions before 24.2R2-S1,\n  *  24.4 versions before 24.4R2.\n\n\n\n\n\n\nThis issue does not affect Junos OS versions before 23.4R1.",
  "id": "GHSA-vj9c-h3r9-jwrf",
  "modified": "2026-01-15T21:31:48Z",
  "published": "2026-01-15T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21920"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA106020"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA106020"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VX2V-MJFF-9HJF

Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2024-11-06 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: safexcel - Add error handling for dma_map_sg() calls

Macro dma_map_sg() may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dma_unmap_sg().

Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52687"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: safexcel - Add error handling for dma_map_sg() calls\n\nMacro dma_map_sg() may return 0 on error. This patch enables\nchecks in case of the macro failure and ensures unmapping of\npreviously mapped buffers with dma_unmap_sg().\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.",
  "id": "GHSA-vx2v-mjff-9hjf",
  "modified": "2024-11-06T18:31:04Z",
  "published": "2024-05-17T15:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52687"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c0ac81a172a69a7733290915276672787e904ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8084b788c2fb1260f7d44c032d5124680b20d2b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87e02063d07708cac5bfe9fd3a6a242898758ac8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc0b785802b856566df3ac943e38a072557001c4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W2MW-45J6-M2CQ

Vulnerability from github – Published: 2023-08-14 06:30 – Updated: 2023-12-31 00:30
VLAI
Details

GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-14T05:15:10Z",
    "severity": "HIGH"
  },
  "details": "GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.",
  "id": "GHSA-w2mw-45j6-m2cq",
  "modified": "2023-12-31T00:30:27Z",
  "published": "2023-08-14T06:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40303"
    },
    {
      "type": "WEB",
      "url": "https://ftp.gnu.org/gnu/inetutils"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/12/30/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-53
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Implementation

Ensure that you account for all possible return values from the function.

Mitigation
Implementation

When designing a function, make sure you return a value or throw an exception in case of an error.

No CAPEC attack patterns related to this CWE.