Tag Archives: CWE- 628

CWE-628 – Function Call with Incorrectly Specified Arguments

Read Time:46 Second

Description

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-573

 

Consequences

Other, Access Control: Quality Degradation, Gain Privileges or Assume Identity

This weakness can cause unintended behavior and can lead to additional weaknesses such as allowing an attacker to gain unintended access to system resources.

 

Potential Mitigations

Phase: Build and Compilation

Description: 

Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA.

Phase: Architecture and Design

Description: 

Make sure your API’s are stable before you use them in production code.

CVE References

  • CVE-2006-7049
    • The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.