
CWE-688 Function Call With Incorrect Variable or Reference as Argument: vulnerability list (2)

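Summary of the 2 CVEs classified under the weakness CWE-688 (Function Call With Incorrect Variable or Reference as Argument), with AI-generated analysis in Chinese.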

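CWE-688 is a parameter-passing error: a function is called with the wrong variable or reference as an argument. Attackers typically exploit this flaw to steer the program into unintended logic, with serious consequences such as data disclosure, service disruption, or remote code execution. To avoid it, developers should strictly validate the type and origin of arguments, make sure each call passes the correct variable reference, and use code review and static analysis tools to catch likely reference mix-ups.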

MITRE CWE official description
CWE: CWE-688 Function Call With Incorrect Variable or Reference as Argument
Description (English): The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.
Common consequences (1)
Other: Quality Degradation
Mitigations (1)
Testing: Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the product. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument typ…
Code example (1)
In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.

Bad · Java

    private static final String[] ADMIN_ROLES = ...;

    public boolean accessGranted(String resource, String user) {
        String[] userRoles = getUserRoles(user);
        // Wrong argument: the static ADMIN_ROLES array is passed instead of userRoles
        return accessGranted(resource, ADMIN_ROLES);
    }

    private boolean accessGranted(String resource, String[] userRoles) {
        // grant or deny access based on user roles
        ...
    }
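| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-33549 | SPIP security vulnerability — SPIP | 6.7 | Medium | 2026-03-22 |
| CVE-2021-33713 | Siemens JT Utilities security vulnerability — JT Utilities | 5.5 | - | 2021-07-13 |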

CWE-688 (Function Call With Incorrect Variable or Reference as Argument) is a common weakness category; this platform lists 2 CVEs associated with it.