CVEbaza.plCWE DictionaryCWE-622
Common Weakness Enumeration

CWE-622

Improper Validation of Function Hook Arguments

Category: VariantCVE: 2
Description

The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.

Extended Description

Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.

CVE vulnerabilities with CWE-622 (2)
5.5
CVSS
MEDIUM
CVE-2024-0311

A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.

pub. 2024-03-14
5.5
CVSS
MEDIUM
CVE-2024-0312

A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.

pub. 2024-03-14
Information
ID: CWE-622
Type: Variant
Vulnerabilities: 2
MITRE CWE ↗
← CWE Dictionary
CWE-622 — Improper Validation of Function Hook Arguments | CWE Dictionary | CVEbaza.pl