CWE-628 Individual Dictionary Definition (Draft 9)

Weakness ID: 628 (Weakness Base)

Status: Draft

Description

Summary: The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

Extended Description: There are multiple ways in which this weakness can be introduced, including: (1) the wrong variable or reference; (2) an incorrect number of arguments; (3) incorrect order of arguments; (4) wrong type of arguments; or (5) wrong value.

Weakness Ordinality: Primary (Weakness exists independent of other weaknesses)

Potential Mitigations: Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA. Make sure your APIs are stable before you use them in production code.

Observed Examples

| Reference | Description |
|---|---|
| CVE-2006-7049 | The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions. |

Context Notes: This is usually primary to other weaknesses, but it can be resultant if the function's API or function prototype changes. Since these bugs typically introduce obviously incorrect behavior, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported.

Relationships:

Applicable Platforms: All

Time of Introduction: Implementation
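An added example, not taken from CWE or from the code behind CVE-2006-7049: a constructed C access check showing case (3), incorrect order of arguments, next to a form that lets the compiler reject the swap. The policy, the function names and the `user_id`/`resource_id` types are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed policy: only the user "admin" may open "/admin". */
static bool may_access(const char *user, const char *resource)
{
    if (strcmp(resource, "/admin") == 0)
        return strcmp(user, "admin") == 0;
    return true; /* every other resource is public */
}

/* Weak caller: arguments in the wrong order. Both parameters are
 * const char *, so the compiler accepts the call without a warning. */
bool check_swapped(const char *user, const char *resource)
{
    return may_access(resource, user);
}

/* Hardened form: one distinct type per role, so a swapped call such as
 * may_access_typed(r, u) is a compile-time type error. */
typedef struct { const char *name; } user_id;
typedef struct { const char *path; } resource_id;

static bool may_access_typed(user_id u, resource_id r)
{
    return may_access(u.name, r.path);
}

bool check_typed(const char *user, const char *resource)
{
    user_id u = { user };
    resource_id r = { resource };
    return may_access_typed(u, r);
}

int main(void)
{
    /* Constructed request: unprivileged user asks for the admin page. */
    printf("swapped: %d\n", check_swapped("guest", "/admin"));
    printf("typed:   %d\n", check_typed("guest", "/admin"));
    printf("admin:   %d\n", check_typed("admin", "/admin"));
    return 0;
}
```

With the swapped call the resource comparison never matches, so the restricted branch is skipped and the check returns true for every user; a negative test (an unprivileged user denied on the restricted path) catches this even when the path is rarely exercised.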