CWE-622 Detail

CWE-622

Improper Validation of Function Hook Arguments
Draft
2007-05-07
00h00 +00:00
2023-06-29
00h00 +00:00
CWE Mitre.org
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Notifications manage

Name: Improper Validation of Function Hook Arguments

The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.

CWE Description

Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.

General Informations

Modes Of Introduction

Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope Impact Likelihood
IntegrityUnexpected State

Observed Examples

References Description

CVE-2007-0708

DoS in firewall using standard Microsoft functions

CVE-2006-7160

DoS in firewall using standard Microsoft functions

CVE-2007-1376

function does not verify that its argument is the proper type, leading to arbitrary memory write

CVE-2007-1220

invalid syscall arguments bypass code execution limits

CVE-2006-4541

DoS in IDS via NULL argument

Potential Mitigations

Phases : Architecture and Design
Ensure that all arguments are verified, as defined by the API you are protecting.
Phases : Architecture and Design
Drop privileges before invoking such functions, if possible.

Vulnerability Mapping Notes

Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Submission

Name Organization Date Date release Version
CWE Content Team MITRE 2007-05-07 +00:00 2007-05-07 +00:00 Draft 6

Modifications

Name Organization Date Comment
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Description, Relationships, Observed_Example, Other_Notes
CWE Content Team MITRE 2009-12-28 +00:00 updated Other_Notes, Weakness_Ordinalities
CWE Content Team MITRE 2010-09-27 +00:00 updated Relationships
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-06-27 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Name, Potential_Mitigations
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2020-06-25 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.