Description
The product calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.
Potential Impact
- Other: Quality Degradation
Demonstrative Examples
    # Perl. ReportAuth() logs the authentication result and aborts only when the
    # caller passes a true $fatal flag.
    sub ReportAuth {
        my ($username, $result, $fatal) = @_;
        PrintLog("auth: username=%s, result=%d", $username, $result);
        if (($result ne "success") && $fatal) {
            die "Failed!\n";
        }
    }

    # The caller passes 0 for $fatal where 1 was intended, so a failed check is
    # logged but the privileged operation still runs (the CWE-687 defect).
    # $username is a package global here.
    sub PrivilegedFunc {
        my $result = CheckAuth($username);
        ReportAuth($username, $result, 0);
        DoReallyImportantStuff();
    }
Detection Methods
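The same pattern re-expressed in Python, with a fail-closed form beside it; this is an added example, not CWE's own code, and every name in it (check_auth, report_auth, the fixed account and password) is constructed for illustration:

```python
# Added example: the page's Perl pattern in Python, weak form and hardened form.
# check_auth() is a constructed stand-in for the page's CheckAuth().
import logging

log = logging.getLogger("auth")

def check_auth(username: str, password: str) -> str:
    """Constructed stand-in: a single fixed account passes, everything else fails."""
    return "success" if (username, password) == ("alice", "correct horse") else "failure"

def report_auth(username: str, result: str, fatal: bool) -> None:
    """Mirror of ReportAuth(): log, and abort only if the caller asked for it."""
    log.info("auth: username=%s, result=%s", username, result)
    if result != "success" and fatal:
        raise PermissionError("Failed!")

def privileged_func_weak(username: str, password: str) -> str:
    """CWE-687 as on the page: False is passed where True was intended, so a
    failed check is merely logged and the privileged operation still runs."""
    result = check_auth(username, password)
    report_auth(username, result, False)   # wrong argument value
    return "really important stuff done"

def require_auth(username: str, password: str) -> None:
    """Hardened form: enforcement is not selected by an argument the caller can
    get wrong; a failed check always aborts (fails closed)."""
    result = check_auth(username, password)
    log.info("auth: username=%s, result=%s", username, result)
    if result != "success":
        raise PermissionError("Failed!")

def privileged_func_fixed(username: str, password: str) -> str:
    require_auth(username, password)       # no flag to mis-specify
    return "really important stuff done"

def is_denied(username: str, password: str) -> bool:
    """True if the hardened entry point refuses the caller."""
    try:
        privileged_func_fixed(username, password)
    except PermissionError:
        return True
    return False
```

A reviewer reading privileged_func_weak has to know the intended value of the third argument to spot the defect, which is why the page lists manual static analysis as the detection method.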
- Manual Static Analysis — This might require an understanding of intended program behavior or design to determine whether the value is incorrect.
Related Weaknesses
Taxonomy Mappings
- CERT C Secure Coding: MEM04-C — Do not perform zero length allocations
- Software Fault Patterns: SFP24 — Tainted input to command
Frequently Asked Questions
What is CWE-687?
CWE-687 (Function Call With Incorrectly Specified Argument Value) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.
How can CWE-687 be exploited?
When an attacker is able to exploit CWE-687 (Function Call With Incorrectly Specified Argument Value), the consequence is quality degradation. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-687?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-687?
CWE-687 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.