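CWE-676 Use of Potentially Dangerous Function: vulnerability list (5)

Summary of 5 CVEs in the CWE-676 (Use of Potentially Dangerous Function) weakness class, with AI-generated Chinese analysis.

CWE-676 covers the use of potentially dangerous functions: weaknesses that arise from calling a function that can be used safely but is easy to misuse. Attackers commonly exploit missing parameter validation or a misunderstanding of the calling context to trigger consequences such as buffer overflows and command injection. Developers should avoid relying blindly on such functions, validate input strictly, restrict privileges, and prefer safer alternative APIs, while using code review to confirm the implementation is correct, thereby reducing security risk.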

MITRE CWE official description
CWE: CWE-676 Use of Potentially Dangerous Function. English description: The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Common consequences (1)
Other: Varies by Context, Quality Degradation, Unexpected State
If the function is used incorrectly, then it could result in security problems.
Mitigations (1)
Build and Compilation, Implementation: Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [REF-554] [REF-1009] [REF-7]
Code example (1)
The following code attempts to create a local copy of a buffer to perform some manipulations to the data.
    void manipulate_string(char * string){
        char buf[24];
        strcpy(buf, string);
        ...
    }
Bad · C
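For comparison, a bounded variant of the copy above, as an added example that is not part of the MITRE entry or of this page's own code. The name `manipulate_string_checked`, the `out` parameter, and the choice to reject over-long input rather than truncate it are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 24  /* same size as buf in the example above */

/* Hypothetical hardened variant of manipulate_string(): copies `string`
 * into a 24-byte local buffer only if it fits, NUL terminator included.
 * Returns 0 on success, -1 if the input is NULL or too long.
 * On success, if `out` is non-NULL, the local copy is also written to it
 * (out must hold BUF_SIZE bytes) so the caller can inspect the result. */
int manipulate_string_checked(const char *string, char *out)
{
    char buf[BUF_SIZE];

    if (string == NULL)
        return -1;

    /* Search at most BUF_SIZE bytes for the terminator. memchr stops at
     * the first match, so a short string is never read past its NUL. */
    const char *nul = memchr(string, '\0', BUF_SIZE);
    if (nul == NULL)
        return -1;                  /* reject instead of silently truncating */

    size_t len = (size_t)(nul - string);
    memcpy(buf, string, len + 1);   /* len + 1 <= BUF_SIZE, includes NUL */

    /* ... manipulations on buf would go here ... */

    if (out != NULL)
        memcpy(out, buf, len + 1);
    return 0;
}

int main(void)
{
    char in[BUF_SIZE + 1], out[BUF_SIZE];

    memset(in, 'A', BUF_SIZE);      /* constructed sample input */
    in[BUF_SIZE - 1] = '\0';        /* 23 chars + NUL: fits exactly */
    printf("23 chars: %d\n", manipulate_string_checked(in, out));

    in[BUF_SIZE - 1] = 'A';
    in[BUF_SIZE] = '\0';            /* 24 chars + NUL: one byte too long */
    printf("24 chars: %d\n", manipulate_string_checked(in, out));
    return 0;
}
```

The boundary case is the one worth testing: a 24-character string needs 25 bytes, so it is rejected even though its length equals the buffer size.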
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2025-65117 | AVEVA Process Optimization security vulnerability — Process Optimization | 7.4 | High | 2026-01-16 |
| CVE-2024-50307 | Chatwork security vulnerability — Chatwork Desktop Application (Windows) | 8.8 (AI) | High (AI) | 2024-10-28 |
| CVE-2024-38434 | Unitronics Vision PLC security vulnerability — Vision PLC | 6.5 | Medium | 2024-07-21 |
| CVE-2022-39063 | Open5GS security vulnerability — Open5GS | 8.1 | - | 2022-09-16 |
| CVE-2021-27474 | Rockwell Automation FactoryTalk AssetCentre security vulnerability — FactoryTalk AssetCentre | 10.0 | Critical | 2022-03-23 |

CWE-676 (Use of Potentially Dangerous Function) is a common weakness category; this platform lists 5 CVEs associated with it.