Description
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Integrity: Alter Execution Logic
Potential Mitigations
CVE References
- CVE-2019-9805
- Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.
- CVE-2007-5191
- file-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges
- CVE-2007-1588
- C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended