CWE-622: Improper Validation of Function Hook Arguments

Description

The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.

Extended Description

Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2007-0708

DoS in firewall using standard Microsoft functions
CVE: CVE-2006-7160

DoS in firewall using standard Microsoft functions
CVE: CVE-2007-1376

function does not verify that its argument is the proper type, leading to arbitrary memory write
CVE: CVE-2007-1220

invalid syscall arguments bypass code execution limits
CVE: CVE-2006-4541

DoS in IDS via NULL argument

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Unexpected State — Notes:

Potential Mitigations

Architecture and Design: Ensure that all arguments are verified, as defined by the API you are protecting. (N/A)
Architecture and Design: Drop privileges before invoking such functions, if possible. (N/A)

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list