CWE-696

ClassIncomplete

View on MITRE

Incorrect Behavior Order

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.

17 linked vulnerabilities

1 related weaknesses

IntegrityAlter Execution Logic

Modes of Introduction

Architecture and DesignImplementation

Related Weaknesses

CWE-691ChildOf

Example CVEs (4)

CVE-2019-9805

Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.

CVE-2007-5191

file-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges

CVE-2007-1588

C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended

CVE-2022-37734

Chain: lexer in Java-based GraphQL server does not enforce maximum of tokens early enough (CWE-696), allowing excessive CPU consumption (CWE-1176)

External Links