CWE-622

Improper Validation of Function Hook Arguments

AI Translation Available

The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.

Status

draft

Abstraction

variant

Affected Platforms

Extended Description

AI Translation

Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.

Technical Details

AI Translation

Common Consequences

integrity

Impacts

unexpected state

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Drop privileges before invoking such functions, if possible.

• Ensure that all arguments are verified, as defined by the API you are protecting.

AI Generated Translation

Common Consequences

integrità

Impacts

stato inaspettato

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Rilascia i privilegi prima di invocare tali funzioni, se possibile.

• Assicurati che tutti gli argomenti siano verificati, come definito dall'API che stai proteggendo.

CWE-622

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter