CWE-622 - Improper Validation of Function Hook Arguments

CWE-622

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Validation of Function Hook Arguments

Description: The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.
Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-20Improper Input ValidationHigh

Release Date:
2007-05-07

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard