Variant · Incomplete

CWE-234: Failure to Handle Missing Parameter

Category: other

Description

If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.

Common consequences

  • Integrity / Confidentiality / Availability / Access Control — Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity
    There is the potential for arbitrary code execution with the privileges of the vulnerable program if a function's parameter list is exhausted.
  • Availability — DoS: Crash, Exit, or Restart
    A program could potentially fail if it needs more arguments than are available.

Potential mitigations

  • [Build and Compilation] This issue can be simply combated with the use of a proper build process.
  • [Implementation] Forward declare all functions. This is the recommended solution. Proper forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function.
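
The forward-declaration mitigation and the variadic case from the description, shown as an added C example that is not part of the CWE entry. The function names scale, sum_variadic and sum_checked are hypothetical, and the array-plus-length form is one possible hardening that the entry itself does not prescribe.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Forward declaration with a full prototype: once this is in scope, a call
 * such as scale(3) fails to compile instead of letting the callee read a
 * second argument that was never passed. */
int scale(int value, int factor);

int scale(int value, int factor) { return value * factor; }

/* Variadic pattern from the description: va_arg trusts `expected`, and a
 * prototype cannot check it. sum_variadic(3, 1, 2) compiles cleanly but
 * consumes one argument more than was supplied (undefined behaviour). */
int sum_variadic(int expected, ...)
{
    va_list ap;
    int total = 0;
    va_start(ap, expected);
    for (int i = 0; i < expected; i++)
        total += va_arg(ap, int);
    va_end(ap);
    return total;
}

/* Hypothetical hardened form: arguments travel in an array with an explicit
 * length, so the callee can refuse the call when too few were supplied. */
int sum_checked(const int *args, size_t supplied, size_t required, int *out)
{
    if (args == NULL || out == NULL || supplied < required)
        return -1;                 /* missing parameter: reject, read nothing */
    int total = 0;
    for (size_t i = 0; i < required; i++)
        total += args[i];
    *out = total;
    return 0;
}

int main(void)
{
    int args[] = { 1, 2 };         /* constructed sample input */
    int out = 0;
    printf("scale: %d\n", scale(3, 4));
    printf("variadic, count matches: %d\n", sum_variadic(2, 1, 2));
    printf("checked, 3 required, 2 supplied: %d\n", sum_checked(args, 2, 3, &out));
    printf("checked, 2 required, 2 supplied: %d (sum %d)\n",
           sum_checked(args, 2, 2, &out), out);
    return 0;
}
```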

References

  1. https://cwe.mitre.org/data/definitions/234.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Function Call With Incorrect Number of Arguments
  • CWE: Insufficient Control Flow Management
  • CWE: Function Call With Incorrect Variable or Reference as Argument
  • CWE: Function Call with Incorrectly Specified Arguments
  • CWE: Return of Pointer Value Outside of Expected Range
  • CWE: Function Call With Incorrect Argument Type

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.