CWE-696
Incorrect Behavior Order
Description
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Alter Execution Logic
CVE-2019-9805: Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.
CVE-2007-5191: File-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges.
CVE-2007-1588: C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended.
CVE-2022-37734: Chain: Lexer in Java-based GraphQL server does not enforce maximum of tokens early enough (CWE-696), allowing excessive CPU consumption (CWE-1176).
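The setuid/setgid ordering described for CVE-2007-5191 and CVE-2007-1588, as an added example (not code from this entry or from the affected products). The struct creds model and the sim_setuid/sim_setgid functions are constructed stand-ins for the real calls, assumed here so the effect of the ordering can be seen without running as root.

```c
#include <stdio.h>
#include <sys/types.h>

/* Constructed model of process credentials (an assumption of this example).
   It mirrors the POSIX rule that only a process with effective UID 0 may
   switch to an arbitrary UID or GID. */
struct creds { uid_t uid; gid_t gid; };

static int sim_setgid(struct creds *c, gid_t gid) {
    if (c->uid != 0 && gid != c->gid) return -1;   /* would be EPERM */
    c->gid = gid;
    return 0;
}

static int sim_setuid(struct creds *c, uid_t uid) {
    if (c->uid != 0 && uid != c->uid) return -1;   /* would be EPERM */
    c->uid = uid;
    return 0;
}

/* Wrong order, return values ignored: the pattern the CVE entries describe. */
void drop_wrong(struct creds *c, uid_t uid, gid_t gid) {
    sim_setuid(c, uid);   /* privilege to change the GID is lost here */
    sim_setgid(c, gid);   /* fails, and nobody notices */
}

/* Correct order: group first, then user, every call checked, result verified. */
int drop_right(struct creds *c, uid_t uid, gid_t gid) {
    if (sim_setgid(c, gid) != 0) return -1;
    if (sim_setuid(c, uid) != 0) return -1;
    if (uid != 0 && sim_setuid(c, 0) == 0) return -1;  /* root must be unrecoverable */
    return 0;
}

int main(void) {
    struct creds a = {0, 0}, b = {0, 0};
    drop_wrong(&a, 1000, 1000);
    printf("wrong order: uid=%d gid=%d\n", (int)a.uid, (int)a.gid);
    int rc = drop_right(&b, 1000, 1000);
    printf("right order: rc=%d uid=%d gid=%d\n", rc, (int)b.uid, (int)b.gid);
    return 0;
}
```

In the wrong-order case the process ends up with an unprivileged UID but still holds GID 0. Code using the real calls would also clear supplementary groups with setgroups() before setgid().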
Applicable Platforms