Function Call With Incorrect Order of Arguments
ID: 683 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Variant |
Description
The software calls a function, procedure, or routine, but the
caller specifies the arguments in an incorrect order, leading to resultant
weaknesses.
Extended Description
While this weakness might be caught by the compiler in some languages, it
can occur more frequently in cases in which the called function accepts
variable numbers or types of arguments, such as format strings in C. It also
can occur in languages or environments that do not enforce strong
typing.
Applicable Platforms None
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Other | Quality degradation | |
Detection Methods None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
Implementation | | Use the function, procedure, or routine as specified. | | |
Testing | | Because this function call often produces incorrect behavior, it will usually be detected during testing or normal operation of the software. Exercising all possible control paths during testing will typically expose this weakness, except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type. | | |
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-683 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples
- The following PHP method authenticates a user given a
username/password combination but is called with the parameters in reverse
order. (Demonstrative Example Id DX-62)
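
The code for this demonstrative example is not reproduced on this page. The following is an added sketch of the same mistake, with two ways to make it harmless or fail loudly; it is not the CWE entry's own code. It assumes PHP 8.1 or later, and `userHash`, `authenticate`, `authenticateTyped`, the `Username` and `Password` classes, and the sample credentials are all hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed credential store for this example only (not real data).
function userHash(string $username): ?string
{
    static $users = null;
    $users ??= ['alice' => password_hash('s3cret-example', PASSWORD_DEFAULT)];
    return $users[$username] ?? null;
}

// Both parameters are strings, so the type system accepts a swapped call.
function authenticate(string $username, string $password): bool
{
    $hash = userHash($username);
    return $hash !== null && password_verify($password, $hash);
}

// Hypothetical wrapper types: the two arguments are no longer interchangeable.
final class Username
{
    public function __construct(public readonly string $value) {}
}
final class Password
{
    public function __construct(public readonly string $value) {}
}

function authenticateTyped(Username $user, Password $pass): bool
{
    return authenticate(username: $user->value, password: $pass->value);
}

// Constructed input standing in for submitted form fields.
$form = ['username' => 'alice', 'password' => 's3cret-example'];

// Weakness: arguments reversed. The password is looked up as a user name,
// so the call runs without error and a valid login is rejected.
var_dump(authenticate($form['password'], $form['username']));

// Mitigation 1: named arguments bind by name, so position no longer matters.
var_dump(authenticate(password: $form['password'], username: $form['username']));

// Mitigation 2: distinct types turn the same mistake into a TypeError.
try {
    authenticateTyped(new Password($form['password']), new Username($form['username']));
} catch (TypeError $e) {
    echo "TypeError: swapped arguments rejected\n";
}
```

In this sketch the reversed call fails closed. Whether a swapped call fails closed or open depends on what the called function does with each argument, which is why the mistake should be caught at the call site rather than by its side effects.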
Observed Examples
- CVE-2006-7049: Application calls functions with arguments in the wrong order, allowing attacker to bypass intended access restrictions.
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings None
References: None