CWE
Home > CWE List > CWE-683 Individual Dictionary Definition (Draft 9)   View the CWE List

CWE-683 Individual Dictionary Definition (Draft 9)

Function Call With Incorrect Order of Arguments
Weakness ID
Status: Draft

683 (Weakness Variant)

Description

Summary

The software calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.

Extended Description

While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.

Weakness Ordinality

Primary (Weakness exists independent of other weaknesses)

Observed Examples
ReferenceDescription
CVE-2006-7049Application calls functions with arguments in the wrong order, allowing attacker to bypass intended access restrictions.
Context Notes

This issue is most likely to occur in rarely-tested code.

Relationships
NatureTypeIDName
ChildOfWeakness BaseWeakness BaseWeakness Base628Function Call with Incorrectly Specified Arguments
Time of Introduction

Implementation

Page Last Updated: April 22, 2008