The product uses a function, library, or third party component that has been explicitly prohibited, whether by the developer or the customer.
The developer - or customers - may wish to restrict or eliminate use of a function, library, or third party component for any number of reasons, including real or suspected vulnerabilities; difficulty to use securely; export controls or license requirements; obsolete or poorly-maintained code; internal code being scheduled for deprecation; etc. To reduce risk of vulnerabilities, the developer might maintain a list of "banned" functions that programmers must avoid using because the functions are difficult or impossible to use securely. This issue can also make the product more costly and difficult to maintain.
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
CVE: CVE-2007-1470
Library has multiple buffer overflows using sprintf() and strcpy()
CVE: CVE-2007-4004
FTP client uses inherently insecure gets() function and is setuid root on some systems, allowing buffer overflow
N/A
N/A
| Phase | Note |
|---|---|
| Implementation | N/A |
Intro: The code below calls the gets() function to read in data from the command line.
Body: However, gets() is inherently unsafe, because it copies all input from STDIN to the buffer without checking size. This allows the user to provide a string that is larger than the buffer size, resulting in an overflow condition.
char buf[24]; printf("Please enter your name and press <Enter>\n"); gets(buf); ... }Intro: The following code attempts to create a local copy of a buffer to perform some manipulations to the data.
Body: However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.
void manipulate_string(char * string){ char buf[24]; strcpy(buf, string); ... }