Common Weakness Enumeration

CWE-253

Allowed

Incorrect Check of Function Return Value

Abstraction: Base · Status: Incomplete

The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.

38 vulnerabilities reference this CWE, most recent first.

CVE-2017-7474 (GCVE-0-2017-7474)

Vulnerability from cvelistv5 – Published: 2017-05-12 19:00 – Updated: 2024-08-05 16:04
VLAI
Summary
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Severity
No CVSS data available.
CWE
Assigner
References
URL Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1445271 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-1203.html vendor-advisoryx_refsource_REDHAT
Impacted products
Date Public
2017-05-12 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.544Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
          },
          {
            "name": "RHSA-2017:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Keycloak Node.js adapter",
          "vendor": "Red Hat, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "2.5 - 3.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly.  An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "CWE-253",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
        },
        {
          "name": "RHSA-2017:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Keycloak Node.js adapter",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5 - 3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly.  An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-253"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445271"
            },
            {
              "name": "RHSA-2017:1203",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1203.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7474",
    "datePublished": "2017-05-12T19:00:00.000Z",
    "dateReserved": "2017-04-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:04:11.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-4X34-CHG5-MWJJ

Vulnerability from github – Published: 2026-07-06 19:27 – Updated: 2026-07-06 19:27
VLAI
Summary
chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)
Details

In Chmoder::chmod() the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the last file processed:

if self.recursive {
    r = self.walk_dir_with_context(file, true);   // overwrites r
} else {
    r = self.chmod_file(file).and(r);
}

PoC: GNU returns 1 when a file fails; uutils returns 0 if the last entry succeeds:

$ chmod -R 0755 chmod-bug/root chmod-bug/user  # GNU -> ret=1
$ uutils chmod -R 0755 chmod-bug/root chmod-bug/user  # -> ret=0

Impact: scripts relying on the exit code get a false success signal while some files retained restrictive/unexpected permissions, leading to access-control misconfigurations. Recommendation: accumulate errors during traversal.

Remediation: Acknowledged by Canonical; fixed in commit abd581f6.


Reported by Zellic in the uutils coreutils Program Security Assessment (prepared for Canonical, Jan 20 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242. Finding 3.2. Credit: Zellic.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "uu_chmod"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-252",
      "CWE-253",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-06T19:27:41Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "In `Chmoder::chmod()` the recursive branch overwrites the running result instead of accumulating it, so the exit code reflects only the *last* file processed:\n\n```\nif self.recursive {\n    r = self.walk_dir_with_context(file, true);   // overwrites r\n} else {\n    r = self.chmod_file(file).and(r);\n}\n```\n\n**PoC:** GNU returns 1 when a file fails; uutils returns 0 if the last entry succeeds:\n\n```\n$ chmod -R 0755 chmod-bug/root chmod-bug/user  # GNU -\u003e ret=1\n$ uutils chmod -R 0755 chmod-bug/root chmod-bug/user  # -\u003e ret=0\n```\n\n**Impact:** scripts relying on the exit code get a false success signal while some files retained restrictive/unexpected permissions, leading to access-control misconfigurations. Recommendation: accumulate errors during traversal.\n\n**Remediation:** Acknowledged by Canonical; fixed in commit abd581f6.\n\n---\n_Reported by Zellic in the *uutils coreutils Program Security Assessment* (prepared for Canonical, Jan 20 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`. Finding 3.2. Credit: Zellic._",
  "id": "GHSA-4x34-chg5-mwjj",
  "modified": "2026-07-06T19:27:41Z",
  "published": "2026-07-06T19:27:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/security/advisories/GHSA-4x34-chg5-mwjj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35339"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/pull/9793"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/commit/abd581f62e97d0b147306ac40eac13af71c6fbba"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)"
}

GHSA-75F4-WW24-H9GR

Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-03-23 03:30
VLAI
Details

Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-253",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-26T16:27:52Z",
    "severity": "HIGH"
  },
  "details": "Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.",
  "id": "GHSA-75f4-ww24-h9gr",
  "modified": "2024-03-23T03:30:24Z",
  "published": "2024-02-26T18:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1622"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O"
    },
    {
      "type": "WEB",
      "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7R87-CJ48-WJ45

Vulnerability from github – Published: 2022-04-26 21:19 – Updated: 2024-09-20 21:03
VLAI
Summary
Potential Captcha Validate Bypass in flask-session-captcha
Details

Impact

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session.

The captcha.validate() function would return None if passed no value (e.g. by submitting a request with an empty form).

If implementing users were checking the return value to be False, the captcha verification check could be bypassed.

Sample vulnerable code:

if captcha.validate() == False:
    ... # abort
else:
   ... # do stuff

Patches

A new version (1.2.1) is available that fixes the issue.

Workarounds

Users can workaround the issue by not explicitly checking that the value is False.

Checking the return value less explicitly should still work.

if not captcha.validate():
    ... # abort
else:
   ... # do stuff
if captcha.validate():
    ... # do stuff
else:
   ... # abort

References

https://github.com/Tethik/flask-session-captcha/pull/27

For more information

If you have any questions or comments about this advisory: * Open an issue in the github repo

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "flask-session-captcha"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-253",
      "CWE-394",
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-26T21:19:52Z",
    "nvd_published_at": "2022-04-25T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nflask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session.\n\nThe `captcha.validate()` function would return `None` if passed no value (e.g. by submitting a request with an empty form).\n\nIf implementing users were checking the return value to be **False**, the captcha verification check could be bypassed.\n\nSample vulnerable code:\n```python\nif captcha.validate() == False:\n    ... # abort\nelse:\n   ... # do stuff\n```\n\n### Patches\nA new version (1.2.1) is available that fixes the issue.\n\n### Workarounds\nUsers can workaround the issue by not explicitly checking that the value is False. \n\nChecking the return value less explicitly should still work. \n\n```python\nif not captcha.validate():\n    ... # abort\nelse:\n   ... # do stuff\n```\n\n```python\nif captcha.validate():\n    ... # do stuff\nelse:\n   ... # abort\n```\n\n### References\nhttps://github.com/Tethik/flask-session-captcha/pull/27\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the github repo](https://github.com/Tethik/flask-session-captcha)\n",
  "id": "GHSA-7r87-cj48-wj45",
  "modified": "2024-09-20T21:03:06Z",
  "published": "2022-04-26T21:19:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Tethik/flask-session-captcha/security/advisories/GHSA-7r87-cj48-wj45"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24880"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Tethik/flask-session-captcha/pull/27"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Tethik/flask-session-captcha/commit/2811ae23a38d33b620fb7a07de8837c6d65c13e4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Tethik/flask-session-captcha"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Tethik/flask-session-captcha/releases/tag/v1.2.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/flask-session-captcha/PYSEC-2022-193.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Potential Captcha Validate Bypass in flask-session-captcha"
}

GHSA-853P-5678-HV8F

Vulnerability from github – Published: 2023-06-14 20:11 – Updated: 2023-06-16 17:57
VLAI
Summary
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Details

Summary

The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is being decoded incorrectly.

Description

Consider this minimal example:

// First contract, this will be performing a delegate call to the `Callee`.
#[ink(storage)]
pub struct Caller {
    value: u128,
}

#[ink(message)]
pub fn get_value(&self, callee_code_hash: Hash) -> u128 {
    let result = build_call::<DefaultEnvironment>()
        .delegate(callee_code_hash)
        .exec_input(ExecutionInput::new(Selector::new(ink::selector_bytes!(
            "get_value"
        ))))
        .returns::<u128>()
        .invoke();

    result
}

// Different contract, using this code hash for the delegate call.
#[ink(storage)]
pub struct Callee {
    value: u128,
}

#[ink(message)]
pub fn get_value(&self) -> u128 {
    self.value
}

In this example we are executing the Callee code in the context of the Caller contract. This means we'll be using the storage values of the Caller contract.

Running this code we expect the delegate call to return value as it was stored in the Caller contract. However, due to the reported bug a different value is returned (for the case of uints it is 256 times the expected value).

Impact

After conducting an analysis of the on-chain deployments of ink! contracts on Astar, Shiden, Aleph Zero, Amplitude and Pendulum, we have found that no contracts on those chains have been affected by the issue.

This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of https://github.com/paritytech/ink/pull/1450. Since this feature was only released in ink! 4.0.0 no previous versions are affected.

Mitigations

If you have an ink! 4.x series contract, please update it to the 4.2.1 patch release that we just published.

Credits

Thank you Facundo Lerena from CoinFabrik for reporting this problem in a well-structured and responsible way.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "ink"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "ink_env"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-34449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-253",
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-14T20:11:38Z",
    "nvd_published_at": "2023-06-14T21:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe return value when using delegate call mechanics, either through [`CallBuilder::delegate`](https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate) or [`ink_env::invoke_contract_delegate`](https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html), is being decoded incorrectly.\n\n### Description\nConsider this minimal example:\n\n```rust\n// First contract, this will be performing a delegate call to the `Callee`.\n#[ink(storage)]\npub struct Caller {\n    value: u128,\n}\n\n#[ink(message)]\npub fn get_value(\u0026self, callee_code_hash: Hash) -\u003e u128 {\n    let result = build_call::\u003cDefaultEnvironment\u003e()\n        .delegate(callee_code_hash)\n        .exec_input(ExecutionInput::new(Selector::new(ink::selector_bytes!(\n            \"get_value\"\n        ))))\n        .returns::\u003cu128\u003e()\n        .invoke();\n\n    result\n}\n\n// Different contract, using this code hash for the delegate call.\n#[ink(storage)]\npub struct Callee {\n    value: u128,\n}\n\n#[ink(message)]\npub fn get_value(\u0026self) -\u003e u128 {\n    self.value\n}\n```\n\nIn this example we are executing the `Callee` code in the context of the `Caller` contract. This means we\u0027ll be using the storage values of the `Caller` contract.\n\nRunning this code we expect the delegate call to return `value` as it was stored in the `Caller` contract. However, due to the reported bug a different value is returned (for the case of `uint`s it is `256` times the expected value).\n\n### Impact\nAfter conducting an analysis of the on-chain deployments of ink! contracts on Astar, Shiden, Aleph Zero, Amplitude and Pendulum, we have found that no contracts on those chains have been affected by the issue.\n\nThis bug was related to the mechanics around decoding a call\u0027s return buffer, which was changed as part of https://github.com/paritytech/ink/pull/1450. Since this feature was only released in ink! 4.0.0 no previous versions are affected.\n\n### Mitigations\nIf you have an ink! 4.x series contract, please update it to the [4.2.1](https://github.com/paritytech/ink/releases/tag/v4.2.1) patch release that we just published. \n\n### Credits\nThank you Facundo Lerena from [CoinFabrik](https://www.coinfabrik.com) for reporting this problem in a well-structured and responsible way.",
  "id": "GHSA-853p-5678-hv8f",
  "modified": "2023-06-16T17:57:43Z",
  "published": "2023-06-14T20:11:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/paritytech/ink/security/advisories/GHSA-853p-5678-hv8f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34449"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paritytech/ink/pull/1450"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paritytech/ink/commit/f1407ee9f87e5f64d467a22d26ee88f61db7f3db"
    },
    {
      "type": "WEB",
      "url": "https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate"
    },
    {
      "type": "WEB",
      "url": "https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/paritytech/ink"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`"
}

GHSA-88CH-Q68X-36V7

Vulnerability from github – Published: 2026-04-22 18:31 – Updated: 2026-07-06 19:24
VLAI
Summary
Duplicate Advisory: uutils coreutils has an Incorrect Check of Function Return Value
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references.

Original Description

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "coreutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-253"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T22:49:39Z",
    "nvd_published_at": "2026-04-22T17:16:35Z",
    "severity": "MODERATE"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references.\n\n### Original Description\nA flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.",
  "id": "GHSA-88ch-q68x-36v7",
  "modified": "2026-07-06T19:24:15Z",
  "published": "2026-04-22T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35340"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/pull/10035"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/commit/ebc08af9c34138f474b32ea0ef34bed3b086a3ed"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: uutils coreutils has an Incorrect Check of Function Return Value",
  "withdrawn": "2026-07-06T19:24:15Z"
}

GHSA-96HM-6C2P-P3F2

Vulnerability from github – Published: 2023-07-10 21:31 – Updated: 2024-04-04 05:54
VLAI
Details

Arbitrary file read in Citrix ADC and Citrix Gateway?

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-253"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-10T21:15:10Z",
    "severity": "HIGH"
  },
  "details": "Arbitrary file read\u00a0in Citrix ADC and Citrix Gateway?",
  "id": "GHSA-96hm-6c2p-p3f2",
  "modified": "2024-04-04T05:54:07Z",
  "published": "2023-07-10T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24487"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJQJ-VHHM-XQ5X

Vulnerability from github – Published: 2025-07-23 15:31 – Updated: 2025-11-05 00:31
VLAI
Details

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".

Users are recommended to upgrade to version 2.4.65, which fixes the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54090"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-253"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-23T14:15:34Z",
    "severity": "MODERATE"
  },
  "details": "A bug in Apache HTTP Server 2.4.64 results in all \"RewriteCond expr ...\" tests evaluating as \"true\".\n\n\n\nUsers are recommended to upgrade to version 2.4.65, which fixes the issue.",
  "id": "GHSA-cjqj-vhhm-xq5x",
  "modified": "2025-11-05T00:31:22Z",
  "published": "2025-07-23T15:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54090"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=44666896"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/24/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G7M5-W98F-VQG2

Vulnerability from github – Published: 2026-05-04 09:31 – Updated: 2026-05-04 09:31
VLAI
Details

mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-253"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T07:16:01Z",
    "severity": "LOW"
  },
  "details": "mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.",
  "id": "GHSA-g7m5-w98f-vqg2",
  "modified": "2026-05-04T09:31:09Z",
  "published": "2026-05-04T09:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43863"
    },
    {
      "type": "WEB",
      "url": "https://github.com/muttmua/mutt/commit/fdc04a171777327218a1e78db504926c388b48c4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXH2-P3FJ-8CC8

Vulnerability from github – Published: 2023-09-12 21:30 – Updated: 2024-04-04 07:38
VLAI
Details

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.

Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.

Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-253",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-12T19:15:36Z",
    "severity": "CRITICAL"
  },
  "details": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\n\nMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\n\nAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\n",
  "id": "GHSA-gxh2-p3fj-8cc8",
  "modified": "2024-04-04T07:38:23Z",
  "published": "2023-09-12T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4501"
    },
    {
      "type": "WEB",
      "url": "https://portal.microfocus.com/s/article/KM000021287"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Use a language or compiler that uses exceptions and requires the catching of those exceptions.

Mitigation
Implementation

Properly check all functions which return a value.

Mitigation
Implementation

When designing any function make sure you return a value or throw an exception in case of an error.

No CAPEC attack patterns related to this CWE.