Description
The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.
Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.
Potential Impact
Integrity
Unexpected State
Mitigations & Prevention
Ensure that all arguments are verified, as defined by the API you are protecting.
Drop privileges before invoking such functions, if possible.
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2007-0708 | DoS in firewall using standard Microsoft functions |
| CVE-2006-7160 | DoS in firewall using standard Microsoft functions |
| CVE-2007-1376 | function does not verify that its argument is the proper type, leading to arbitrary memory write |
| CVE-2007-1220 | invalid syscall arguments bypass code execution limits |
| CVE-2006-4541 | DoS in IDS via NULL argument |
Related Weaknesses
Taxonomy Mappings
- Software Fault Patterns: SFP27 — Tainted input to environment
Frequently Asked Questions
What is CWE-622?
CWE-622 (Improper Validation of Function Hook Arguments) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.
How can CWE-622 be exploited?
Attackers can exploit CWE-622 (Improper Validation of Function Hook Arguments) to unexpected state. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-622?
Key mitigations include: Ensure that all arguments are verified, as defined by the API you are protecting.
What is the severity of CWE-622?
CWE-622 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 5 real-world CVEs.