CWE-688 – Function Call With Incorrect Variable or Reference as Argument

Read Time:40 Second

Description

The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-628

 

Consequences

Other: Quality Degradation

 

Potential Mitigations

Phase: Testing

Description: 

Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.

CVE References

  • CVE-2005-2548
    • Kernel code specifies the wrong variable in first argument, leading to resultant NULL pointer dereference.