CWE-676: Use of Potentially Dangerous Function

Description

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2007-1470

Library has multiple buffer overflows using sprintf() and strcpy()
CVE: CVE-2009-3849

Buffer overflow using strcat()
CVE: CVE-2006-2114

Buffer overflow using strcpy()
CVE: CVE-2006-0963

Buffer overflow using strcpy()
CVE: CVE-2011-0712

Vulnerable use of strcpy() changed to use safer strlcpy()
CVE: CVE-2008-5005

Buffer overflow using strcpy()

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Varies by Context, Quality Degradation, Unexpected State — Notes: If the function is used incorrectly, then it could result in security problems.

Potential Mitigations

Build and Compilation: Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [REF-554] [REF-7] (N/A)

Applicable Platforms

C (N/A, Undetermined)
C++ (N/A, Undetermined)

Demonstrative Examples

Intro: The following code attempts to create a local copy of a buffer to perform some manipulations to the data.

Body: However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.

void manipulate_string(char * string){ char buf[24]; strcpy(buf, string); ... }

Notes

Relationship: This weakness is different than CWE-242 (Use of Inherently Dangerous Function). CWE-242 covers functions with such significant security problems that they can never be guaranteed to be safe. Some functions, if used properly, do not directly pose a security risk, but can introduce a weakness if not called correctly. These are regarded as potentially dangerous. A well-known example is the strcpy() function. When provided with a destination buffer that is larger than its source, strcpy() will not overflow. However, it is so often misused that some developers prohibit strcpy() entirely.

← Back to CWE list