CWE-253: Incorrect Check of Function Return Value
The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.
Last updated
Overview
Important and common functions will return some value about the success of its actions. This will alert the program whether or not to handle any errors caused by that function.
Real-world CVEs
17 recorded CVEs are caused by CWE-253 (Incorrect Check of Function Return Value). The highest-severity and most recent are shown first. 8 new CWE-253 CVEs have been recorded so far in 2026 (2 in 2025).
- CVE-2023-52040Critical · CVSS 9.8 · EPSS 54th2024-01-24
- CVE-2017-7474Critical · CVSS 9.8 · EPSS 83th2017-05-12
- CVE-2023-49286High · CVSS 8.6 · EPSS 95th2023-12-04
- CVE-2026-35091
Corosync: corosync: denial of service and information disclosure via crafted udp packet
High · CVSS 8.2 · EPSS 55th2026-04-01 - CVE-2026-53090
bpf: Fix ld_{abs,ind} failure path analysis in subprogs
High · CVSS 7.8 · EPSS 3th2026-06-24 - CVE-2026-0648High · CVSS 7.8 · EPSS 1th2026-01-27
- CVE-2026-46419High · CVSS 7.5 · EPSS 23th2026-05-14
- CVE-2025-57767
Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request
High · CVSS 7.5 · EPSS 30th2025-08-28 - CVE-2024-43521
Windows Hyper-V Denial of Service Vulnerability
High · CVSS 7.5 · EPSS 83th2024-10-08 - CVE-2024-1622High · CVSS 7.5 · EPSS 59th2024-02-26
- CVE-2023-24487High · CVSS 7.5 · EPSS 61th2023-07-10
- CVE-2026-5818
MCU Firmware Update Authentication Bypass on Caliptra Core
High · CVSS 7.2 · EPSS 5th2026-06-23
Showing 12 of 17 recorded CWE-253 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-253 vulnerabilitiesCommon consequences
What can happen when CWE-253 is exploited.
Unexpected State, DoS: Crash, Exit, or Restart
Affects: Availability, Integrity
An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-253, grouped by where in the lifecycle they apply.
Use a language or compiler that uses exceptions and requires the catching of those exceptions.
Properly check all functions which return a value.
When designing any function make sure you return a value or throw an exception in case of an error.
How to detect it
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
This code attempts to allocate memory for 4 integers and checks if the allocation succeeds.
Vulnerable example
tmp = malloc(sizeof(int) * 4);The code assumes that only a negative return value would indicate an error, but malloc() may return a null pointer when there is an error. The value of tmp could then be equal to 0, and the error would be missed.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2023-49286 — Chain: function in web caching proxy does not correctly check a return value (CWE-253) leading to a reachable assertion (CWE-617)
Terminology & mappings
Mapped taxonomies
- CLASP: Misinterpreted function return value
- Software Fault Patterns: Unchecked Status Condition (SFP4)
- CERT C Secure Coding: Detect and handle standard library errors (ERR33-C) — Imprecise fit
- CERT C Secure Coding: Detect and handle POSIX library errors (POS54-C) — Imprecise fit
Frequently asked questions
Common questions about CWE-253.
- What is CWE-253?
- The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.
- What CVEs are caused by CWE-253?
- 17 recorded CVEs are attributed to CWE-253, including CVE-2023-52040, CVE-2017-7474, CVE-2023-49286.
- How do you prevent CWE-253?
- Use a language or compiler that uses exceptions and requires the catching of those exceptions.
- How is CWE-253 detected?
- Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
- What are the consequences of CWE-253?
- Exploiting CWE-253 can lead to: Unexpected State, DoS: Crash, Exit, or Restart.
- Is CWE-253 actively exploited?
- 17 recorded CVEs are caused by CWE-253; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-253) (opens in a new tab)
- CWE-253 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-253
Get alerted the moment a new CWE-253 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.