CWE-687: Function Call With Incorrectly Specified Argument Value

What is Function Call With Incorrectly Specified Argument Value?

• Overview:

CWE-687 refers to a vulnerability where a function, procedure, or routine is called with an argument that has an incorrect value. This can lead to various weaknesses in the software, such as unexpected behavior or system crashes. For software engineers, it highlights the importance of ensuring that all function arguments are validated and correctly specified.

• Exploitation Methods:

Attackers can exploit this vulnerability by crafting inputs that trigger the incorrect argument values, leading to unintended function behavior.
Common attack patterns include buffer overflows, injection attacks, and logic errors that arise from unexpected argument values.

• Security Impact:

Direct consequences of successful exploitation include incorrect program logic execution, data corruption, and system instability or crashes.
Potential cascading effects may result in broader system failures, data breaches, or unauthorized access.
The business impact can include loss of customer trust, financial damage, and legal repercussions due to data protection violations.

• Prevention Guidelines:

Specific code-level fixes include implementing input validation and sanitization to ensure that function arguments meet expected criteria.
Security best practices involve regular code reviews, static analysis, and adopting defensive programming techniques to catch incorrect argument values early in the development process.
Recommended tools and frameworks include static code analysis tools, fuzz testing frameworks, and using languages or libraries that provide strong type checking and input validation.

Corgea can automatically detect and fix Function Call With Incorrectly Specified Argument Value in your codebase. Try Corgea free today.

Likelihood of Exploit: Not specified

Affected Languages: Not specified

Affected Technologies: Not specified