Tag Archives: CWE- 696

CWE-696 – Incorrect Behavior Order

Read Time:41 Second

Description

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-691

 

Consequences

Integrity: Alter Execution Logic

 

Potential Mitigations

CVE References

 

  • CVE-2019-9805
    • Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.
  • CVE-2007-5191
    • file-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges
  • CVE-2007-1588
    • C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended