Difference between revisions of "Missing parameter"


Latest revision as of 06:50, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 06/3/2009



If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. A function that takes a variable number of arguments can likewise exhaust the arguments actually passed to it.


  • Authorization: There is the potential for arbitrary code execution with privileges of the vulnerable program if the function parameter list is exhausted.
  • Availability: Potentially a program could fail if it needs more arguments than are available.

Exposure period

  • Implementation: This is a simple logical flaw created at implementation time.


  • Languages: C or C++
  • Operating platforms: Any

Required resources




Likelihood of exploit


This issue can be simply combated with the use of a proper build process.

Risk Factors



In C or C++:

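#include <stdio.h>

void caller(int one, int two) {
  foo_funct(one, two);  /* no prototype in scope, so the missing third argument is not diagnosed */
}

void foo_funct(int one, int two, int three) {
  printf("1) %d\n2) %d\n3) %d\n", one, two, three);
}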

This can be exploited to disclose information with no work whatsoever. In fact, each time this function is run, it will print out the next 4 bytes on the stack after the two numbers sent to it.

Another example in C/C++ is:

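#include <stdarg.h>

void some_function(int foo, ...) {
    int a[3], i;
    va_list ap;

    va_start(ap, foo);
    /* reads three variadic arguments no matter how many the caller passed */
    for (i = 0; i < sizeof(a) / sizeof(int); i++)
        a[i] = va_arg(ap, int);
    va_end(ap);
}

int main(int argc, char *argv[]) {
    some_function(17, 42);  /* only one variadic argument is supplied */
    return 0;
}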

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: Forward declare all functions. This is the recommended solution. Proper forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function.
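
An added example, not part of the original page: the variadic case above rewritten so the callee can never read more arguments than the caller passed, with prototypes declared before use as this control recommends. The names sum_va, sum_array, SUM_ARGS and SLOTS are hypothetical, and summing the slots is only there to make the result observable.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define SLOTS 3

/* Prototypes before any call: a wrong number of fixed arguments is now
 * rejected by the compiler instead of being read off the stack. */
int sum_va(int foo, size_t count, ...);
int sum_array(int foo, const int *vals, size_t count);

/* Hypothetical wrapper: the compiler counts the arguments itself, so the
 * count cannot drift from what the call site really passes. */
#define SUM_ARGS(foo, ...) \
    sum_array((foo), (const int[]){__VA_ARGS__}, \
              sizeof((const int[]){__VA_ARGS__}) / sizeof(int))

/* Variadic form: va_arg runs only `count` times (capped at SLOTS), never
 * a fixed three times as in the page's some_function(). */
int sum_va(int foo, size_t count, ...) {
    int a[SLOTS] = {0}, total = 0;
    size_t i, n = count < SLOTS ? count : SLOTS;
    va_list ap;

    (void)foo;                  /* kept only to mirror the original signature */
    va_start(ap, count);
    for (i = 0; i < n; i++)
        a[i] = va_arg(ap, int);
    va_end(ap);
    for (i = 0; i < SLOTS; i++)
        total += a[i];          /* unread slots hold a defined 0 */
    return total;
}

/* Array form: no va_list at all, so there is nothing to exhaust. */
int sum_array(int foo, const int *vals, size_t count) {
    int total = 0;
    size_t i;
    (void)foo;
    for (i = 0; i < count && i < SLOTS; i++)
        total += vals[i];
    return total;
}

int main(void) {
    printf("%d %d\n", sum_va(17, 1, 42), SUM_ARGS(17, 42));
    return 0;
}
```

The variadic form still trusts the caller's count, which is why the array form with a compiler-computed length is the stronger of the two.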

Related Technical Impacts

