Skip to main content

CWE-687: Function Call With Incorrectly Specified Argument Value

VariantDraft

The product calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple

Applicable To

Languages
Platforms

Frequently Asked Questions

What is CWE-687: Function Call With Incorrectly Specified Argument Value?+

CWE-687: Function Call With Incorrectly Specified Argument Value is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.

What are the security consequences of Function Call With Incorrectly Specified Argument Value?+

If exploited, CWE-687 (Function Call With Incorrectly Specified Argument Value) it can compromise Other, leading to outcomes such as Quality Degradation.

How is Function Call With Incorrectly Specified Argument Value detected?+

CWE-687 can be detected using Manual Static Analysis. Combining automated tooling with manual review typically yields the best coverage.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-687 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-687

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references