CWE-392

BaseDraft

View on MITRE

Missing Report of Error Condition

The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.

11 linked vulnerabilities

4 related weaknesses

Integrity

Other

Varies by Context

Unexpected State

Errors that are not properly reported could place the system in an unexpected state that could lead to unintended behaviors.

Modes of Introduction

Implementation

Related Weaknesses

CWE-755ChildOf CWE-684ChildOf CWE-703ChildOf CWE-703ChildOf

Example CVEs (5)

[REF-1374]

Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generation of non-unique cryptographic keys for Bitcoin wallets (CWE-1391)

CVE-2004-0063

Function returns "OK" even if another function returns a different status code than expected, leading to accepting an invalid PIN number.

CVE-2002-1446

Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages.

CVE-2002-0499

Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory.

CVE-2005-2459

Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference.

External Links

MITRE CWE Database

CWE-392: Missing Report of Error Condition | Mondoo Vulnerability Intelligence