CWE-628: Function Call with Incorrectly Specified Arguments
low-riskThe product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.
Abstraction: Base
Common Consequences
Other
→
Quality Degradation
Detection Methods
Other
Since these bugs typically introduce incorrect behavior that is obvious to users, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported.
Real-World Examples (5)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2019-14844 | 7.5 | 11.7% | — |
| CVE-2019-7303 | 7.5 | 1.2% | — |
| CVE-2025-0325 | 4.3 | 0.2% | — |
| CVE-2026-21503 | 6.1 | 0.0% | — |
| CVE-2026-25634 | 7.8 | 0.0% | — |
12
/ 100
low-risk
Active Threat
7/50 · Minimal
Exploit Availability
5/50 · Minimal