{"@ID": "676", "@Name": "Use of Potentially Dangerous Function", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Draft", "Description": "The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.", "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "1177", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": [{"Ordinality": "Primary"}, {"Ordinality": "Indirect"}]}, "Applicable_Platforms": {"Language": [{"@Name": "C", "@Prevalence": "Undetermined"}, {"@Name": "C++", "@Prevalence": "Undetermined"}]}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation"}}, "Likelihood_Of_Exploit": "High", "Common_Consequences": {"Consequence": {"Scope": "Other", "Impact": ["Varies by Context", "Quality Degradation", "Unexpected State"], "Note": "If the function is used incorrectly, then it could result in security problems."}}, "Detection_Methods": {"Detection_Method": [{"Method": "Automated Static Analysis - Binary or Bytecode", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": ["Highly cost effective:", "Cost effective for partial coverage:"], "xhtml:ul": [{"xhtml:li": ["Bytecode Weakness Analysis - including disassembler + source code weakness analysis", "Binary Weakness Analysis - including disassembler + source code weakness analysis"]}, {"xhtml:li": ["Binary / Bytecode Quality Analysis", "Binary / Bytecode simple extractor - strings, ELF readers, etc."]}]}}, "Effectiveness": "High"}, {"Method": "Manual Static Analysis - Binary or Bytecode", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Cost effective for partial coverage:", "xhtml:ul": {"xhtml:li": "Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}}, "Effectiveness": "SOAR Partial"}, {"Method": "Dynamic Analysis with Manual Results Interpretation", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": ["Highly cost effective:", "Cost effective for partial coverage:"], "xhtml:ul": [{"xhtml:li": "Debugger"}, {"xhtml:li": "Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"}]}}, "Effectiveness": "High"}, {"Method": "Manual Static Analysis - Source Code", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": ["Highly cost effective:", "Cost effective for partial coverage:"], "xhtml:ul": [{"xhtml:li": "Manual Source Code Review (not inspections)"}, {"xhtml:li": "Focused Manual Spotcheck - Focused manual analysis of source"}]}}, "Effectiveness": "High"}, {"Method": "Automated Static Analysis - Source Code", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": ["Highly cost effective:", "Cost effective for partial coverage:"], "xhtml:ul": [{"xhtml:li": ["Source code Weakness Analyzer", "Context-configured Source Code Weakness Analyzer"]}, {"xhtml:li": ["Warning Flags", "Source Code Quality Analyzer"]}]}}, "Effectiveness": "High"}, {"Method": "Automated Static Analysis", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Cost effective for partial coverage:", "xhtml:ul": {"xhtml:li": "Origin Analysis"}}}, "Effectiveness": "SOAR Partial"}, {"Method": "Architecture or Design Review", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Highly cost effective:", "xhtml:ul": {"xhtml:li": ["Formal Methods / Correct-By-Construction", "Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}}, "Effectiveness": "High"}]}, "Potential_Mitigations": {"Mitigation": {"@Mitigation_ID": "MIT-58", "Phase": ["Build and Compilation", "Implementation"], "Description": "Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the \"banned.h\" include file from Microsoft's SDL. [REF-554] [REF-1009] [REF-7]"}}, "Demonstrative_Examples": {"Demonstrative_Example": {"@Demonstrative_Example_ID": "DX-6", "Intro_Text": "The following code attempts to create a local copy of a buffer to perform some manipulations to the data.", "Example_Code": {"@Nature": "Bad", "@Language": "C", "xhtml:div": {"xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": [null, null], "#text": "char buf[24];strcpy(buf, string);..."}, "#text": "void manipulate_string(char * string){}"}}, "Body_Text": "However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter."}}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2007-1470", "Description": "Library has multiple buffer overflows using sprintf() and strcpy()", "Link": "https://www.cve.org/CVERecord?id=CVE-2007-1470"}, {"Reference": "CVE-2009-3849", "Description": "Buffer overflow using strcat()", "Link": "https://www.cve.org/CVERecord?id=CVE-2009-3849"}, {"Reference": "CVE-2006-2114", "Description": "Buffer overflow using strcpy()", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-2114"}, {"Reference": "CVE-2006-0963", "Description": "Buffer overflow using strcpy()", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-0963"}, {"Reference": "CVE-2011-0712", "Description": "Vulnerable use of strcpy() changed to use safer strlcpy()", "Link": "https://www.cve.org/CVERecord?id=CVE-2011-0712"}, {"Reference": "CVE-2008-5005", "Description": "Buffer overflow using strcpy()", "Link": "https://www.cve.org/CVERecord?id=CVE-2008-5005"}]}, "Taxonomy_Mappings": {"Taxonomy_Mapping": [{"@Taxonomy_Name": "7 Pernicious Kingdoms", "Entry_Name": "Dangerous Functions"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "CON33-C", "Entry_Name": "Avoid race conditions when using library functions", "Mapping_Fit": "CWE More Abstract"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "ENV33-C", "Entry_Name": "Do not call system()", "Mapping_Fit": "CWE More Abstract"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "ERR07-C", "Entry_Name": "Prefer functions that support error checking over equivalent functions that don't"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "ERR34-C", "Entry_Name": "Detect errors when converting a string to a number", "Mapping_Fit": "CWE More Abstract"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "FIO01-C", "Entry_Name": "Be careful using functions that use file names for identification"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "MSC30-C", "Entry_Name": "Do not use the rand() function for generating pseudorandom numbers", "Mapping_Fit": "CWE More Abstract"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "STR31-C", "Entry_Name": "Guarantee that storage for strings has sufficient space for character data and the null terminator", "Mapping_Fit": "Imprecise"}, {"@Taxonomy_Name": "Software Fault Patterns", "Entry_ID": "SFP3", "Entry_Name": "Use of an improper API"}]}, "References": {"Reference": [{"@External_Reference_ID": "REF-6"}, {"@External_Reference_ID": "REF-554"}, {"@External_Reference_ID": "REF-1009"}, {"@External_Reference_ID": "REF-7", "@Section": "Chapter 5, \"Safe String Handling\" Page 156, 160"}, {"@External_Reference_ID": "REF-62", "@Section": "Chapter 8, \"C String Handling\", Page 388"}, {"@External_Reference_ID": "REF-1479"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Notes": {"Note": {"@Type": "Relationship", "#text": "This weakness is different than CWE-242 (Use of Inherently Dangerous Function). CWE-242 covers functions with such significant security problems that they can never be guaranteed to be safe. Some functions, if used properly, do not directly pose a security risk, but can introduce a weakness if not called correctly. These are regarded as potentially dangerous. A well-known example is the strcpy() function. When provided with a destination buffer that is larger than its source, strcpy() will not overflow. However, it is so often misused that some developers prohibit strcpy() entirely."}}, "Content_History": {"Submission": {"Submission_Name": "7 Pernicious Kingdoms", "Submission_Date": "2008-04-11", "Submission_Version": "Draft 9", "Submission_ReleaseDate": "2008-04-11"}, "Modification": [{"Modification_Name": "Sean Eidemiller", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "added/updated demonstrative examples"}, {"Modification_Name": "Eric Dalci", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Potential_Mitigations, Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-09-08", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-11-24", "Modification_Version": "1.1", "Modification_ReleaseDate": "2008-11-25", "Modification_Comment": "updated Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-07-27", "Modification_Version": "1.5", "Modification_ReleaseDate": "2009-07-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2010-02-16", "Modification_Version": "1.8", "Modification_ReleaseDate": "2010-02-16", "Modification_Comment": "updated Demonstrative_Examples, Other_Notes, References, Relationship_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-27", "Modification_Version": "2.0", "Modification_ReleaseDate": "2011-06-27", "Modification_Comment": "updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-09-13", "Modification_Version": "2.1", "Modification_ReleaseDate": "2011-09-13", "Modification_Comment": "updated Potential_Mitigations, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated References, Related_Attack_Patterns, Relationships, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Detection_Factors, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-05-03", "Modification_Version": "2.11", "Modification_ReleaseDate": "2017-05-05", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Causal_Nature, References, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2018-03-27", "Modification_Version": "3.1", "Modification_ReleaseDate": "2018-03-27", "Modification_Comment": "updated References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-01-03", "Modification_Version": "3.2", "Modification_ReleaseDate": "2019-01-03", "Modification_Comment": "updated Relationships, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Detection_Factors, References, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-12-10", "Modification_Version": "4.3", "Modification_ReleaseDate": "2020-12-10", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-03-15", "Modification_Version": "4.4", "Modification_ReleaseDate": "2021-03-15", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated References, Relationships, Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-09-09", "Modification_Version": "4.18", "Modification_ReleaseDate": "2025-09-09", "Modification_Comment": "updated Detection_Factors, References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2026-04-30", "Modification_Version": "4.20", "Modification_ReleaseDate": "2026-04-30", "Modification_Comment": "updated Potential_Mitigations, References"}]}}
