
CWE-676: Use of Potentially Dangerous Function

Description Summary

The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Likelihood of Exploit

High

Common Consequences

Scope | Technical Impact | Note
Other | Varies by context; Quality degradation; Unexpected state | If the function is used incorrectly, then it could result in security problems.

Detection Methods

Detection Method - 1

Automated Static Analysis - Binary / Bytecode

According to SOAR, the following detection techniques may be useful:

Detection Method - 2

Manual Static Analysis - Binary / Bytecode

According to SOAR, the following detection techniques may be useful:

Detection Method - 3

Dynamic Analysis with manual results interpretation

According to SOAR, the following detection techniques may be useful:

Detection Method - 4

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Detection Method - 5

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Detection Method - 6

Automated Static Analysis

According to SOAR, the following detection techniques may be useful:

Detection Method - 7

Architecture / Design Review

According to SOAR, the following detection techniques may be useful:

Potential Mitigations

Mitigation - 1

Build and Compilation; Implementation

Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the “banned.h” include file from Microsoft's SDL. [R.676.1] [R.676.2]

Demonstrative Examples

Example - 1

The following code attempts to create a local copy of a buffer to perform some manipulations to the data.

#include <string.h>

void manipulate_string(char *string) {
    char buf[24];
    /* Unbounded copy: nothing checks that string fits in buf */
    strcpy(buf, string);
    /* ... */
}

However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and blindly copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.
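A hardened counterpart to the function above, combined with a compiler-enforced ban in the spirit of Mitigation - 1. This is an added example, not part of the original CWE entry: the name manipulate_string_checked, the out parameter and the upper-casing step are hypothetical, and the ban uses the GCC/Clang poison pragma rather than Microsoft's banned.h.

```c
#include <stdio.h>
#include <string.h>

/* Compiler-enforced ban (GCC/Clang): any later use of strcpy fails to build. */
#pragma GCC poison strcpy

#define BUF_SIZE 24 /* same size as buf in the example above */

/* Hypothetical hardened variant: copies string into a local buffer only if
 * it fits, applies a placeholder manipulation, and writes the result to out.
 * Returns 0 on success, -1 on NULL or oversized input. */
int manipulate_string_checked(const char *string, char *out, size_t out_size)
{
    char buf[BUF_SIZE];
    size_t len, i;

    if (string == NULL || out == NULL)
        return -1;

    /* Measure the input, but never scan past BUF_SIZE bytes. */
    for (len = 0; len < sizeof buf && string[len] != '\0'; len++)
        ;
    if (len == sizeof buf)
        return -1; /* reject rather than overflow or silently truncate */

    memcpy(buf, string, len);
    buf[len] = '\0';

    /* Placeholder manipulation (constructed): upper-case ASCII letters. */
    for (i = 0; i < len; i++)
        if (buf[i] >= 'a' && buf[i] <= 'z')
            buf[i] = (char)(buf[i] - 'a' + 'A');

    if (len + 1 > out_size)
        return -1; /* caller's buffer is too small for the result */
    memcpy(out, buf, len + 1);
    return 0;
}

int main(void)
{
    char out[BUF_SIZE];
    /* Constructed sample inputs: 11 bytes, then 34 bytes. */
    printf("%d\n", manipulate_string_checked("short input", out, sizeof out));
    printf("%d\n", manipulate_string_checked(
        "this input is longer than 23 bytes", out, sizeof out));
    return 0;
}
```

Reintroducing a strcpy() call anywhere below the pragma turns the mistake into a build error instead of a latent overflow.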

2013/05/30 09:37

Observed Examples

Reference | Description
CVE-2007-1470 | Library has multiple buffer overflows using sprintf() and strcpy()
CVE-2009-3849 | Buffer overflow using strcat()
CVE-2006-2114 | Buffer overflow using strcpy()
CVE-2006-0963 | Buffer overflow using strcpy()
CVE-2011-0712 | Vulnerable use of strcpy() changed to use safer strlcpy()
CVE-2008-5005 | Buffer overflow using strcpy()
cwe/cn/definition/676.txt · Last modified: 2014/09/04 14:46 (external edit)