CWE-683: Function Call With Incorrect Order of Arguments
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.
Extended Description
While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.
Common Consequences
Scope: Other
Technical Impact: Quality Degradation
Potential Mitigations
Phase: Implementation
Description: Use the function, procedure, or routine as specified.
Phase: Testing
Description: Because this function call often produces incorrect behavior, it will usually be detected during testing or normal operation of the product. Exercising all possible control paths during testing will typically expose this weakness, except in rare cases when the incorrect function call accidentally produces the correct results or when the provided argument type is very similar to the expected argument type.
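An added example (not part of the CWE entry) of the testing caveat above: a swapped-argument call that the C compiler accepts because both parameters are `int`, a test input that passes by accident, and a typed variant that rejects the swap at compile time. The function names and access levels are hypothetical.

```c
#include <stdio.h>

/* Hypothetical access check: grants access when the caller's level
 * meets the level the resource requires. Both parameters are int, so
 * the compiler cannot tell them apart. */
static int has_access(int user_level, int required_level) {
    return user_level >= required_level;
}

/* Flawed caller (CWE-683): the two arguments are swapped. */
static int can_open_flawed(int user_level, int required_level) {
    return has_access(required_level, user_level);
}

/* Correct caller: arguments in the order has_access() specifies. */
static int can_open(int user_level, int required_level) {
    return has_access(user_level, required_level);
}

/* Hardening: distinct wrapper types turn a swap into a compile error. */
typedef struct { int v; } user_level_t;
typedef struct { int v; } required_level_t;

static int has_access_typed(user_level_t user, required_level_t required) {
    return user.v >= required.v;
}

static int can_open_typed(int user_level, int required_level) {
    user_level_t u = { user_level };
    required_level_t r = { required_level };
    /* has_access_typed(r, u) would not compile: incompatible types. */
    return has_access_typed(u, r);
}

int main(void) {
    /* Constructed test inputs: {user_level, required_level}. */
    int cases[][2] = { {2, 2}, {1, 3}, {3, 1} };
    for (int i = 0; i < 3; i++) {
        int u = cases[i][0], r = cases[i][1];
        printf("user=%d required=%d flawed=%d correct=%d typed=%d\n",
               u, r, can_open_flawed(u, r), can_open(u, r),
               can_open_typed(u, r));
    }
    return 0;
}
```

A test suite that only uses the equal-level input sees identical results from the flawed and correct callers; the two unequal inputs are what expose the swap.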
Observed Examples
Reference: CVE-2006-7049
Application calls functions with arguments in the wrong order, allowing an attacker to bypass intended access restrictions.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | This problem typically occurs when the programmer makes a typo or a copy-and-paste error. |