CWE

Improper Validation of Function Hook Arguments

ID: 622		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

A product adds hooks to user-accessible API functions, but does not properly validate the arguments. This could lead to resultant vulnerabilities.

Extended Description

Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.

Applicable Platforms
Language Class: All

Time Of Introduction

• Implementation

Common Consequences

Scope	Technical Impact	Notes
Integrity	Unexpected state

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Architecture and Design		Ensure that all arguments are verified, as defined by the API you are protecting.
Architecture and Design		Drop privileges before invoking such functions, if possible.

Relationships

Related CWE	Type	View	Chain
CWE-622 ChildOf CWE-896	Category	CWE-888

Demonstrative Examples
None

Observed Examples

1. CVE-2007-0708 : DoS in firewall using standard Microsoft functions
2. CVE-2006-7160 : DoS in firewall using standard Microsoft functions
3. CVE-2007-1376 : function does not verify that its argument is the proper type, leading to arbitrary memory write
4. CVE-2007-1220 : invalid syscall arguments bypass code execution limits
5. CVE-2006-4541 : DoS in IDS via NULL argument

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None