Live Active security incident? Get immediate response
CWE Reference

CWE-676: Use of Potentially Dangerous Function

Official CWE-676 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.

Release 4.20weaknessDraft
Search CWE CWE Dictionary

Glexia's Take

CWE-676: Use of Potentially Dangerous Function

Use of Potentially Dangerous Function represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

Executive Impact

  • Other: Varies by Context,Quality Degradation,Unexpected State: If the function is used incorrectly, then it could result in security problems.

Developer Pattern

CWE-676 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Confidence

high confidence from CWE-676, 4.20.

Official CWE Definition

CWE-676: Use of Potentially Dangerous Function

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Type
weakness
Abstraction
Base
Status
Draft
Source
MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

  • The following code attempts to create a local copy of a buffer to perform some manipulations to the data. However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.

Remediation

  • Build and Compilation,Implementation: Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [REF-554] [REF-1009] [REF-7]

Detection

  • Automated Static Analysis - Binary or Bytecode: [object Object]
  • Manual Static Analysis - Binary or Bytecode: [object Object]
  • Dynamic Analysis with Manual Results Interpretation: [object Object]
  • Manual Static Analysis - Source Code: [object Object]
  • Automated Static Analysis - Source Code: [object Object]
  • Automated Static Analysis: [object Object]
  • Architecture or Design Review: [object Object]

Mappings

Related CVEs, CWEs, and ATT&CK context

Related CWEs

Related CVEs

Related CVE mappings appear after CVE records are cross-indexed.

Open CWE CVE mapping

ATT&CK Relevance

ATT&CK relevance is shown only when reviewed or responsibly inferred.