CWE-622: Improper Validation of Function Hook Arguments
The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.
Last updated
Overview
Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.
Real-world CVEs
2 recorded CVEs are caused by CWE-622 (Improper Validation of Function Hook Arguments). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-622 is exploited.
Unexpected State
Affects: Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.