Improper Validation of Function Hook Arguments
ID: 622 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Variant |
Description
A product adds hooks to user-accessible API functions, but does
not properly validate the arguments. This could lead to resultant
vulnerabilities.
Extended Description
Such hooks are typical of defensive software that runs with elevated privileges, such as anti-virus or personal-firewall products that hook system calls or other kernel APIs. The hook executes in the privileged context, but every argument it receives was chosen by an unprivileged caller. When the hook does not validate those arguments as the hooked API defines them (for example a NULL pointer, an argument of the wrong type, or syscall arguments that are otherwise invalid, as in the observed examples below), the caller can bypass the protection scheme or attack the product itself, typically by crashing it or by corrupting its memory.
Applicable Platforms
Language Class: All
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Integrity | Unexpected state | |
Detection Methods
None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
Architecture and Design | | Ensure that all arguments are verified, as defined by the API you are protecting. | | |
Architecture and Design | | Drop privileges before invoking such functions, if possible. | | |
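The first mitigation, checking every argument against the contract of the API being protected, as an added example that is not CWE's text or any vendor's code. It models a privileged hook in front of a write-like call in plain user-mode C: the simulated user region, the size limits, the descriptor-table size, the `MZ` content policy and all function names are constructed assumptions. `naive_hook` has the weakness (it reads through a caller-supplied pointer unchecked); `hooked_write` validates the descriptor, the pointer and the length before any dereference, then copies the bytes once so that the policy decision and the forwarded call see the same data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Added example, not taken from CWE-622 or any real product: a user-mode model
 * of a privileged hook in front of a write-like API. The caller is unprivileged
 * and chooses every argument, so the hook checks each one against the API's
 * contract before use. The "user region" is a constructed stand-in for the
 * caller's address space.
 */

#define USER_REGION_SIZE 4096   /* constructed: size of the simulated user address space */
#define MAX_WRITE_LEN    1024   /* constructed: largest write the hook will inspect */
#define MAX_FD           1024   /* constructed: size of the descriptor table */

static unsigned char user_region[USER_REGION_SIZE];   /* simulated user memory */
static unsigned char kernel_private[64];              /* memory the caller must not reach */

enum hook_status {
    HOOK_OK = 0,
    HOOK_EBADFD,    /* descriptor outside the table */
    HOOK_ENULL,     /* NULL buffer pointer */
    HOOK_ETOOBIG,   /* length larger than the hook is prepared to copy */
    HOOK_ERANGE,    /* [buf, buf+len) not entirely inside the user region, or wraps */
    HOOK_EBLOCKED   /* content rejected by the protection policy */
};

/* The API being protected; the hook forwards here only after validation. */
static long original_write(int fd, const void *buf, size_t len) {
    (void)fd; (void)buf;
    return (long)len;
}

/* Constructed policy: refuse writes that begin with a PE "MZ" header. */
static int policy_blocks(const unsigned char *data, size_t len) {
    return len >= 2 && data[0] == 'M' && data[1] == 'Z';
}

/* The weakness: trusts the caller's pointer and length and reads through them
 * in the privileged context. A NULL pointer, a pointer into privileged memory
 * or an oversized length is dereferenced unchecked. */
static long naive_hook(int fd, const void *buf, size_t len) {
    if (policy_blocks(buf, len)) return -1;
    return original_write(fd, buf, len);
}

/* Nonzero iff [p, p+len) lies inside the user region. The length is compared
 * against the space remaining after p, so start + len can never wrap. */
static int user_range_ok(const void *p, size_t len) {
    uintptr_t start = (uintptr_t)p;
    uintptr_t base  = (uintptr_t)user_region;
    uintptr_t limit = base + USER_REGION_SIZE;
    if (start < base || start > limit) return 0;
    return len <= (size_t)(limit - start);
}

/* Every argument is checked as the protected API defines it, before any use. */
static enum hook_status validate_write_args(int fd, const void *buf, size_t len) {
    if (fd < 0 || fd >= MAX_FD)   return HOOK_EBADFD;
    if (buf == NULL)              return HOOK_ENULL;
    if (len > MAX_WRITE_LEN)      return HOOK_ETOOBIG;
    if (!user_range_ok(buf, len)) return HOOK_ERANGE;
    return HOOK_OK;
}

/* The hardened hook: returns the API's result, or -1 with the reason in *why
 * (may be NULL). The caller's bytes are copied once into hook-owned memory, and
 * the policy check and the forwarded call both use that copy. */
static long hooked_write(int fd, const void *buf, size_t len, enum hook_status *why) {
    unsigned char local[MAX_WRITE_LEN];
    enum hook_status st = validate_write_args(fd, buf, len);
    if (st == HOOK_OK) {
        memcpy(local, buf, len);
        if (policy_blocks(local, len)) st = HOOK_EBLOCKED;
    }
    if (why) *why = st;
    return st == HOOK_OK ? original_write(fd, local, len) : -1;
}

/* Verdict-only wrapper, and a pointer helper for the simulated user region. */
static enum hook_status write_verdict(int fd, const void *buf, size_t len) {
    enum hook_status why;
    (void)hooked_write(fd, buf, len, &why);
    return why;
}
static unsigned char *user_ptr(size_t offset) { return user_region + offset; }

int main(void) {
    memcpy(user_ptr(0), "hello", 5);
    printf("valid write    -> %ld\n", hooked_write(1, user_ptr(0), 5, NULL));
    printf("NULL buffer    -> status %d\n", write_verdict(1, NULL, 5));
    printf("kernel pointer -> status %d\n", write_verdict(1, kernel_private, 16));
    printf("wraps past end -> status %d\n", write_verdict(1, user_ptr(USER_REGION_SIZE - 8), 16));
    return 0;
}
```

In a real kernel the range check and the copy map onto the platform's user-pointer accessors (copy_from_user on Linux, ProbeForRead followed by a guarded copy on Windows); what carries over unchanged is the order of operations: validate, copy, decide, and only then call the original function.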
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-622 ChildOf CWE-896 | Category | CWE-888 | |
Demonstrative Examples
None
Observed Examples
- CVE-2007-0708 : DoS in firewall using standard Microsoft functions
- CVE-2006-7160 : DoS in firewall using standard Microsoft functions
- CVE-2007-1376 : function does not verify that its argument is the proper type, leading to arbitrary memory write
- CVE-2007-1220 : invalid syscall arguments bypass code execution limits
- CVE-2006-4541 : DoS in IDS via NULL argument
White Box Definitions
None
Black Box Definitions
None
Taxonomy Mappings
None
References
None