CWE-688
Function Call With Incorrect Variable or Reference as Argument
The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.
CVE-2021-33713 (GCVE-0-2021-33713)
Vulnerability from cvelistv5
Published
2021-07-13 11:03
Modified
2024-08-03 23:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-688 - Function Call With Incorrect Variable or Reference as Argument
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Siemens | JT Utilities |
Version: All versions < V13.0.2.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:58:22.818Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT Utilities", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.0.2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Utilities (All versions \u003c V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-688", "description": "CWE-688: Function Call With Incorrect Variable or Reference as Argument", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-13T11:03:03", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-33713", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT Utilities", "version": { "version_data": [ { "version_value": "All versions \u003c V13.0.2.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT Utilities (All versions \u003c V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-688: Function Call With Incorrect Variable or Reference as Argument" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-33713", "datePublished": "2021-07-13T11:03:03", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:22.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Testing
Description:
- Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the product. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.
No CAPEC attack patterns related to this CWE.