CWE-242

Use of Inherently Dangerous Function

The product calls a function that can never be guaranteed to work safely.

Mitigation

Phases: Implementation, Requirements

Description:

  • Ban the use of dangerous functions. Use their safe equivalent.
Mitigation

Phase: Testing

Description:

  • Use grep or static analysis tools to spot usage of dangerous functions.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page