CWE-688: Function Call With Incorrect Variable or Reference as Argument
The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.
View on MITRETechnical Details
- Structure
- Simple
Applicable To
Security Consequences
Scope
Impact
Mitigation Strategies
Phase
Description
Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the product. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.
Detection Methods
Method
OtherDescription
While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in loosely typed languages or environments. This might require an understanding of intended program behavior or design to determine whether the value is incorrect.
Code Examples & CVEs
Demonstrative Examples
In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.
Observed CVE Examples (1)
Kernel code specifies the wrong variable in first argument, leading to resultant NULL pointer dereference.
View DetailsCWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-688: Function Call With Incorrect Variable or Reference as Argument?+
CWE-688: Function Call With Incorrect Variable or Reference as Argument is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.
What are the security consequences of Function Call With Incorrect Variable or Reference as Argument?+
If exploited, CWE-688 (Function Call With Incorrect Variable or Reference as Argument) it can compromise Other, leading to outcomes such as Quality Degradation.
How do you prevent or mitigate Function Call With Incorrect Variable or Reference as Argument?+
Recommended mitigations for CWE-688 include: Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the product. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.
How is Function Call With Incorrect Variable or Reference as Argument detected?+
CWE-688 can be detected using Other. Combining automated tooling with manual review typically yields the best coverage.
Which programming languages are affected by Function Call With Incorrect Variable or Reference as Argument?+
CWE-688 commonly affects C and Perl. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What are real-world examples of Function Call With Incorrect Variable or Reference as Argument?+
MITRE documents real CVEs mapped to CWE-688, including CVE-2005-2548. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?+
A CWE (Common Weakness Enumeration) like CWE-688 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.