CWE-242

Use of Inherently Dangerous Function

AI Translation Available

The product calls a function that can never be guaranteed to work safely.

Status

draft

Abstraction

base

Likelihood

high

Affected Platforms

C C++

Extended Description

AI Translation

Certain functions behave in dangerous ways regardless of how they are used. Functions in this category were often implemented without taking security concerns into account. The gets() function is unsafe because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to gets() and overflow the destination buffer. Similarly, the >> operator is unsafe to use when reading into a statically-allocated character array because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to the >> operator and overflow the destination buffer.

Technical Details

AI Translation

Common Consequences

other

Impacts

varies by context

Detection Methods

automated static analysis

Potential Mitigations

Phases:

implementation requirements testing

Descriptions:

• Ban the use of dangerous functions. Use their safe equivalent.

• Use grep or static analysis tools to spot usage of dangerous functions.

AI Generated Translation

Common Consequences

altro

Impacts

varia dal contesto

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

implementazione requisiti verifica

Descriptions:

• Vietare l'uso di funzioni pericolose. Utilizzare il loro equivalente sicuro.

• Utilizza grep o strumenti di analisi statica per individuare l'uso di funzioni pericolose.

CWE-242

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter