Use of Potentially Dangerous Function| ID: 676 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Base |
Description
The program invokes a potentially dangerous function that could
introduce a vulnerability if it is used incorrectly, but the function can also
be used safely.
Likelihood of Exploit: High
Applicable PlatformsLanguage: CLanguage: C++
Time Of Introduction
- Architecture and Design
- Implementation
Related Attack Patterns
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Other | Varies by contextQuality degradationUnexpected state | If the function is used incorrectly, then it could result in security
problems. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Build and CompilationImplementation | | Identify a list of prohibited API functions and prohibit developers
from using these functions, providing safer alternatives. In some cases,
automatic code analysis tools or the compiler can be instructed to spot
use of prohibited functions, such as the "banned.h" include file from
Microsoft's SDL. [R.676.1] [R.676.2] | | |
RelationshipsThis weakness is different than CWE-242 (Use of Inherently Dangerous
Function). CWE-242 covers functions with such significant security problems
that they can never be guaranteed to be safe. Some functions, if used
properly, do not directly pose a security risk, but can introduce a weakness
if not called correctly. These are regarded as potentially dangerous. A
well-known example is the strcpy() function. When provided with a
destination buffer that is larger than its source, strcpy() will not
overflow. However, it is so often misused that some developers prohibit
strcpy() entirely.
| Related CWE | Type | View | Chain |
|---|
| CWE-676 ChildOf CWE-887 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following code attempts to create a local copy of a buffer to
perform some manipulations to the data. (Demonstrative Example Id DX-6)
Observed Examples
- CVE-2007-1470 : Library has multiple buffer overflows using sprintf() and strcpy()
- CVE-2009-3849 : Buffer overflow using strcat()
- CVE-2006-2114 : Buffer overflow using strcpy()
- CVE-2006-0963 : Buffer overflow using strcpy()
- CVE-2011-0712 : Vulnerable use of strcpy() changed to use safer strlcpy()
- CVE-2008-5005 : Buffer overflow using strcpy()
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| 7 Pernicious Kingdoms | | Dangerous Functions | |
| CERT C Secure Coding | ERR07-C | Prefer functions that support error checking over equivalent
functions that don't | |
| CERT C Secure Coding | FIO01-C | Be careful using functions that use file names for
identification | |
| CERT C Secure Coding | INT06-C | Use strtol() or a related function to convert a string token
to an integer | |
| CERT C++ Secure Coding | INT06-CPP | Use strtol() or a related function to convert a string token
to an integer | |
| CERT C++ Secure Coding | FIO01-CPP | Be careful using functions that use file names for
identification | |
References:
- Michael Howard .Security Development Lifecycle (SDL) Banned Function
Calls.
- M. Howard D. LeBlanc .Writing Secure Code 2nd Edition. Microsoft. Section:'Chapter 5, "Safe String Handling" Page 156,
160'. Published on 2002.
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 8, "C String Handling", Page 388.'. Published on 2006.
