1. Home
  2. CWE Database
  3. CWE-688
Variant · Low-Medium

CWE-688: Function Call With Incorrect Variable or Reference as Argument

The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

CWE-688 · Variant Level ·1 CVEs ·1 Mitigations

Description

The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

Potential Impact

Other

Quality Degradation

Demonstrative Examples

In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.
Bad
private static final String[] ADMIN_ROLES = ...;public boolean void accessGranted(String resource, String user) {String[] userRoles = getUserRoles(user);return accessGranted(resource, ADMIN_ROLES);}
                     private boolean void accessGranted(String resource, String[] userRoles) {
                        
                           
                           // grant or deny access based on user roles
                           ...
                     }

Mitigations & Prevention

Testing

Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the product. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.

Detection Methods

  • Other — While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in loosely typed languages or environments. This might require an understand

Real-World CVE Examples

CVE IDDescription
CVE-2005-2548Kernel code specifies the wrong variable in first argument, leading to resultant NULL pointer dereference.

CWE-628: Function Call with Incorrectly Specified Arguments

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-i...

Frequently Asked Questions

What is CWE-688?

CWE-688 (Function Call With Incorrect Variable or Reference as Argument) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

How can CWE-688 be exploited?

Attackers can exploit CWE-688 (Function Call With Incorrect Variable or Reference as Argument) to quality degradation. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-688?

Key mitigations include: Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the product. During testing exercise all possible control paths will typi

What is the severity of CWE-688?

CWE-688 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVEs.