CWE-676: Use of Potentially Dangerous Function

Description

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Submission Date :

April 11, 2008, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Example Vulnerable Codes

Example - 1

The following code attempts to create a local copy of a buffer to perform some manipulations to the data.


char buf[24];strcpy(buf, string);...void manipulate_string(char * string){}

However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-785: Use of Path Manipulation Function without Maximum-sized Buffer

Go to

CWE-1177: Use of Prohibited Code

Go to

Visit http://cwe.mitre.org/ for more details.