Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-628:Function Call with Incorrectly Specified Arguments
Weakness ID:628
Version:v4.17
Weakness Name:Function Call with Incorrectly Specified Arguments
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Draft
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
▼Description

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

▼Extended Description

There are multiple ways in which this weakness can be introduced, including:

  • the wrong variable or reference;
  • an incorrect number of arguments;
  • incorrect order of arguments;
  • wrong type of arguments; or
  • wrong value.
▼Alternate Terms
▼Relationships
Relevant to the view"Research Concepts - (1000)"
NatureMappingTypeIDName
ChildOfAllowed-with-ReviewC573Improper Following of Specification by Caller
ParentOfAllowedV683Function Call With Incorrect Order of Arguments
ParentOfAllowedV685Function Call With Incorrect Number of Arguments
ParentOfAllowedV686Function Call With Incorrect Argument Type
ParentOfAllowedV687Function Call With Incorrectly Specified Argument Value
ParentOfAllowedV688Function Call With Incorrect Variable or Reference as Argument
Nature: ChildOf
Mapping: Allowed-with-Review
Type: Class
ID: 573
Name: Improper Following of Specification by Caller
Nature: ParentOf
Mapping: Allowed
Type: Variant
ID: 683
Name: Function Call With Incorrect Order of Arguments
Nature: ParentOf
Mapping: Allowed
Type: Variant
ID: 685
Name: Function Call With Incorrect Number of Arguments
Nature: ParentOf
Mapping: Allowed
Type: Variant
ID: 686
Name: Function Call With Incorrect Argument Type
Nature: ParentOf
Mapping: Allowed
Type: Variant
ID: 687
Name: Function Call With Incorrectly Specified Argument Value
Nature: ParentOf
Mapping: Allowed
Type: Variant
ID: 688
Name: Function Call With Incorrect Variable or Reference as Argument
▼Memberships
NatureMappingTypeIDName
MemberOfProhibitedC736CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
MemberOfProhibitedC737CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
MemberOfProhibitedC742CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
MemberOfProhibitedV884CWE Cross-section
MemberOfProhibitedC998SFP Secondary Cluster: Glitch in Computation
MemberOfProhibitedC1006Bad Coding Practices
MemberOfProhibitedC1157SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
MemberOfProhibitedC1180SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
MemberOfProhibitedC1181SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
MemberOfProhibitedC1412Comprehensive Categorization: Poor Coding Practices
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 736
Name: CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 737
Name: CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 742
Name: CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
Nature: MemberOf
Mapping: Prohibited
Type:View
ID: 884
Name: CWE Cross-section
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 998
Name: SFP Secondary Cluster: Glitch in Computation
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1006
Name: Bad Coding Practices
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1157
Name: SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1180
Name: SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1181
Name: SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1412
Name: Comprehensive Categorization: Poor Coding Practices
▼Tags
NatureMappingTypeIDName
MemberOfProhibitedBSBOSS-294Not Language-Specific Weaknesses
MemberOfProhibitedBSBOSS-325Quality Degradation (impact)
MemberOfProhibitedBSBOSS-332Gain Privileges or Assume Identity (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-325
Name: Quality Degradation (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-332
Name: Gain Privileges or Assume Identity (impact)
▼Relevant To View
Relevant to the view"Software Development - (699)"
NatureMappingTypeIDName
MemberOfProhibitedC1006Bad Coding Practices
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1006
Name: Bad Coding Practices
Relevant to the view"Weaknesses Addressed by the SEI CERT C Coding Standard - (1154)"
NatureMappingTypeIDName
MemberOfProhibitedC1157SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1157
Name: SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
Relevant to the view"Weaknesses Addressed by the SEI CERT Perl Coding Standard - (1178)"
NatureMappingTypeIDName
MemberOfProhibitedC1180SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1180
Name: SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
Relevant to the view"Weaknesses Addressed by the SEI CERT Perl Coding Standard - (1178)"
NatureMappingTypeIDName
MemberOfProhibitedC1181SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1181
Name: SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
Relevant to the view"Software Fault Pattern (SFP) Clusters - (888)"
NatureMappingTypeIDName
MemberOfProhibitedC998SFP Secondary Cluster: Glitch in Computation
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 998
Name: SFP Secondary Cluster: Glitch in Computation
▼Background Detail

▼Common Consequences
ScopeLikelihoodImpactNote
OtherAccess ControlN/AQuality DegradationGain Privileges or Assume Identity

This weakness can cause unintended behavior and can lead to additional weaknesses such as allowing an attacker to gain unintended access to system resources.

Scope: Other, Access Control
Likelihood: N/A
Impact: Quality Degradation, Gain Privileges or Assume Identity
Note:

This weakness can cause unintended behavior and can lead to additional weaknesses such as allowing an attacker to gain unintended access to system resources.

▼Potential Mitigations
Phase:Build and Compilation
Mitigation ID:
Strategy:
Effectiveness:
Description:

Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA.

Note:

Phase:Architecture and Design
Mitigation ID:
Strategy:
Effectiveness:
Description:

Make sure your API's are stable before you use them in production code.

Note:

▼Modes Of Introduction
Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific(Undetermined Prevalence)
▼Demonstrative Examples
Example 1

The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.

Language: ( code)
N/A

Language: PHP(Bad code)
function authenticate($username, $password) { // authenticate user* ...} authenticate($_POST['password'], $_POST['username']);

Example 2

This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.

Language: ( code)
N/A

Language: Perl(Bad code)
sub ReportAuth { my ($username, $result, $fatal) = @_; PrintLog("auth: username=%s, result=%d", $username, $result); if (($result ne "success") && $fatal) { die "Failed!\n"; } } sub PrivilegedFunc { my $result = CheckAuth($username); ReportAuth($username, $result, 0); DoReallyImportantStuff(); }

Example 3

In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.

Language: ( code)
N/A

Language: Java(Bad code)
private static final String[] ADMIN_ROLES = ...; public boolean void accessGranted(String resource, String user) { String[] userRoles = getUserRoles(user); return accessGranted(resource, ADMIN_ROLES); } private boolean void accessGranted(String resource, String[] userRoles) { // grant or deny access based on user roles* ...}

▼Observed Examples
ReferenceDescription
CVE-2006-7049
The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.
Reference: CVE-2006-7049
Description:
The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      OrdinalityDescription
      Primary
      This is usually primary to other weaknesses, but it can be resultant if the function's API or function prototype changes.
      Ordinality: Primary
      Description:
      This is usually primary to other weaknesses, but it can be resultant if the function's API or function prototype changes.
      ▼Detection Methods
      Other
      Detection Method ID:
      Description:

      Since these bugs typically introduce incorrect behavior that is obvious to users, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported.

      Effectiveness:
      Note:

      N/A

      ▼Vulnerability Mapping Notes
      Usage:Allowed
      Reason:Acceptable-Use
      Rationale:

      This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

      Comments:

      Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy NameEntry IDFitEntry Name
      CERT C Secure CodingDCL10-CN/AMaintain the contract between the writer and caller of variadic functions
      CERT C Secure CodingEXP37-CCWE More AbstractCall functions with the correct number and type of arguments
      SEI CERT Perl Coding StandardDCL00-PLCWE More AbstractDo not use subroutine prototypes
      SEI CERT Perl Coding StandardEXP33-PLImpreciseDo not invoke a function in a context for which it is not defined
      Taxonomy Name: CERT C Secure Coding
      Entry ID: DCL10-C
      Fit: N/A
      Entry Name: Maintain the contract between the writer and caller of variadic functions
      Taxonomy Name: CERT C Secure Coding
      Entry ID: EXP37-C
      Fit: CWE More Abstract
      Entry Name: Call functions with the correct number and type of arguments
      Taxonomy Name: SEI CERT Perl Coding Standard
      Entry ID: DCL00-PL
      Fit: CWE More Abstract
      Entry Name: Do not use subroutine prototypes
      Taxonomy Name: SEI CERT Perl Coding Standard
      Entry ID: EXP33-PL
      Fit: Imprecise
      Entry Name: Do not invoke a function in a context for which it is not defined
      ▼Related Attack Patterns
      IDName
      ▼References
      Details not found