BaseDraft

CWE-676Use of Potentially Dangerous Function

Category: other

Description

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Common consequences· 1

  • Other — Varies by Context, Quality Degradation, Unexpected State
    If the function is used incorrectly, then it could result in security problems.

Potential mitigations· 1

  • [Build and Compilation, Implementation]Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [REF-554] [REF-1009] [REF-7]

References

  1. https://cwe.mitre.org/data/definitions/676.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Exposed Dangerous Method or Function
CWE
Incorrect Use of Privileged APIs
CWE
Misinterpretation of Input
CWE
Incorrect Provision of Specified Functionality
CWE
Use of Low-Level Functionality
CWE
Call to Non-ubiquitous API
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.