Improper Validation of Function Hook Arguments
Draft Variant
Structure: Simple
Description
The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.
Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.
Common Consequences 1
Scope: Integrity
Impact: Unexpected State
Potential Mitigations 2
Phase: Architecture and Design
Ensure that all arguments are verified, as defined by the API you are protecting.
Phase: Architecture and Design
Drop privileges before invoking such functions, if possible.
Observed Examples 5
CVE-2007-0708DoS in firewall using standard Microsoft functions
CVE-2006-7160DoS in firewall using standard Microsoft functions
CVE-2007-1376function does not verify that its argument is the proper type, leading to arbitrary memory write
CVE-2007-1220invalid syscall arguments bypass code execution limits
CVE-2006-4541DoS in IDS via NULL argument
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
ChildOf:
Improper Input Validation (CWE-20)
Taxonomy Mapping
- Software Fault Patterns