5 vulnerabilities classified as CWE-676 (Use of Potentially Dangerous Function). AI Chinese analysis included.
CWE-676 represents a design weakness where software invokes functions known to be inherently risky, such as those prone to buffer overflows or format string vulnerabilities, despite their potential for safe usage. Attackers typically exploit this flaw by manipulating input parameters to trigger undefined behavior, leading to memory corruption, arbitrary code execution, or denial of service. The vulnerability arises not from the function itself, but from improper implementation or lack of rigorous input validation surrounding its invocation. Developers mitigate this risk by replacing dangerous legacy functions with safer, bounds-checking alternatives provided by modern libraries. Additionally, employing static analysis tools to detect unsafe calls and enforcing strict coding standards that prohibit the use of deprecated APIs can significantly reduce the attack surface. Comprehensive testing and code reviews further ensure that any remaining necessary uses of these functions are handled with extreme caution and proper error handling.
The demonstrative example from the CWE-676 entry: `strcpy()` copies with no length bound, so any argument longer than 23 bytes (plus the terminator) overwrites the stack past `buf`.

```c
#include <string.h>

/* CWE-676 demonstrative example: strcpy() has no bounds check, so a
   caller-controlled string longer than buf overflows it. */
void manipulate_string(char *string) {
    char buf[24];
    strcpy(buf, string);
    /* ... rest of the function elided in the original ... */
}
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-65117 | AVEVA Process Optimization Use of Potentially Dangerous Function — Process Optimization | 7.4 | High | 2026-01-16 |
| CVE-2024-50307 | Chatwork Security Vulnerability — Chatwork Desktop Application (Windows) | 8.8 (AI) | High (AI) | 2024-10-28 |
| CVE-2024-38434 | Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function — Vision PLC | 6.5 | Medium | 2024-07-21 |
| CVE-2022-39063 | Open5GS Security Vulnerability — Open5GS | 8.1 | - | 2022-09-16 |
| CVE-2021-27474 | Rockwell Automation FactoryTalk AssetCentre Use of Potentially Dangerous Function — FactoryTalk AssetCentre | 10.0 | Critical | 2022-03-23 |
Vulnerabilities classified as CWE-676 (Use of Potentially Dangerous Function) represent 5 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.