CWE-676: Use of Potentially Dangerous Function
Description
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Submission Date :
April 11, 2008, midnight
Modification Date :
2023-06-29 00:00:00+00:00
Organization :
MITRE
Example - 1
The following code attempts to create a local copy of a buffer to perform some manipulations to the data. However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.
char buf[24];strcpy(buf, string);...void manipulate_string(char * string){}
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.