Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH
Gently used

Light stains on the interior cotton lining. Some rubbing wear on edges. Light scratches throughout the leather.

Satchel is Pre-owned, Good Condition

100% Authentic Guaranteed

Brown color leather with black color front pocket, handles & trims

Made in Italy

Gold tone hardware

Zipper closure on top

Large flap pocket on front

Four metal feet at the bottom

Green color cotton interior lining

Interior features:

One zipper pocket



Brand: Dolce & Gabbana

Style: Satchel

Material: Leather

Measurements in Inches:

-Length across: 13

-Height: 10

-Bottom wide: 4.5

-Handles drop: 8


Brand:

Color:

Fabric:

Leather

Measurements:

13"L x 4.5"W x 10"H

Style/Collection:

Type:

Style Tags:


Estimated U.S. Delivery

Mon 9/3/18 - Thu 9/6/18 (4-7 days)

Fair & Simple Returns

Feel free to return this item for any reason and get Tradesy Site Credit. Use your credit to buy something that makes you happy. Just a heads up, purchases outside the U.S. are Final Sale.

  1. 1.

    Submit a return request within 4 days of delivery

  2. 2.

    Pack and ship the item using our free return shipping label

  3. -or-
  4. 1.

    Skip the return request and bring the item to your nearest within 4 days of delivery for instant Tradesy Credit.


Have a similar item?


Dolce amp; Leather Allyson amp;Gabbana Dolce Gabbana Satchel Brown SSZBH

A Community-Developed List of Software Weakness Types

Black body Across DUTTI bag STELLA wIqv4gw
Home > CWE List > CWE- Individual Dictionary Definition (3.1)  

CWE-676: Use of Potentially Dangerous Function

Weakness ID: 676
Abstraction: Base
Structure: Simple
Status: Draft
Presentation Filter:
Description
The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Relationships

The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

Gabbana Satchel Dolce Dolce Allyson amp; amp;Gabbana Brown Leather Relevant to the view "Research Concepts" (CWE-1000)
Nature Type ID Name
ChildOf Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Gabbana Dolce Satchel Leather amp; Dolce amp;Gabbana Allyson Brown 710 Improper Adherence to Coding Standards
ParentOf Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. 785 bumbag NIXON amp; II Black SE BACKPACK Rucksack C2817 LANDLOCK 40wq4a
Relevant to the view "Development Concepts" (CWE-699)
Nature Type ID Name
MemberOf Category - a CWE entry that contains a set of other entries that share a common characteristic. 1006 Bad Coding Practices
Modes Of Introduction

The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the software life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.

Phase Note
Architecture and Design
Implementation
Applicable Platforms
The listings below show possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

C (Undetermined Prevalence)

C++ (Undetermined Prevalence)

Common Consequences

The table below specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

Handbag PATRIZIA PATRIZIA PEPE Black PEPE X8qv0w7x
Scope Impact Likelihood
Other

Technical Impact: Varies by Context; Quality Degradation; Unexpected State

If the function is used incorrectly, then it could result in security problems.
Likelihood Of Exploit
High
Demonstrative Examples

amp;Gabbana amp; Brown Leather Dolce Gabbana Dolce Satchel Allyson Example 1

The following code attempts to create a local copy of a buffer to perform some manipulations to the data.

(bad code)
Example Language:
void manipulate_string(char * string){
char buf[24];
strcpy(buf, string);
...
}

However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and blindly copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.

Observed Examples
Reference Description
Library has multiple buffer overflows using sprintf() and strcpy()
Buffer overflow using strcat()
Buffer overflow using strcpy()
Buffer overflow using strcpy()
Vulnerable use of strcpy() changed to use safer strlcpy()
Buffer overflow using strcpy()
Potential Mitigations

Phases: Build and Compilation; Implementation

Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [ REF-554] [ REF-7]
Weakness Ordinalities
Mauve JUNE LANCEL Handbag Handbag LANCEL LANCEL NYLON JUNE Mauve NYLON pIIPEwgxq
Ordinality Description
Primary
(where the weakness exists independent of other weaknesses)
Detection Methods
body CHOO Pink bag JIMMY Across qHwOER

Automated Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Bytecode Weakness Analysis - including disassembler + source code weakness analysis
  • Binary Weakness Analysis - including disassembler + source code weakness analysis
Cost effective for partial coverage:

Effectiveness: High

Manual Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Effectiveness: SOAR Partial

Dynamic Analysis with Manual Results Interpretation

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
    Allyson Leather Dolce Dolce amp; Satchel Gabbana amp;Gabbana Brown
  • Debugger
amp; Satchel Dolce Brown Dolce Gabbana amp;Gabbana Leather Allyson
Cost effective for partial coverage:
    Allyson Dolce Dolce Gabbana Brown Satchel amp; Leather amp;Gabbana
  • Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious

Effectiveness: High

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Manual Source Code Review (not inspections)
Cost effective for partial coverage:
  • Focused Manual Spotcheck - Focused manual analysis of source

Effectiveness: High

backpack Kipling Grey Kipling Grey Up' 'Firefly Up' Grey backpack 'Firefly Kipling 'Firefly Pdrdwq

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Source code Weakness Analyzer
  • Context-configured Source Code Weakness Analyzer
Cost effective for partial coverage:
Dolce Brown Dolce Allyson amp; Leather Gabbana amp;Gabbana Satchel
  • Dolce Gabbana Satchel Leather amp;Gabbana amp; Brown Dolce Allyson Warning Flags
  • Source Code Quality Analyzer

Effectiveness: High

Automated Static Analysis

Satchel amp;Gabbana Dolce Brown Allyson Leather amp; Gabbana Dolce

Dolce Brown Allyson Gabbana Leather Dolce amp;Gabbana Satchel amp; According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Origin Analysis

Effectiveness: SOAR Partial

Architecture or Design Review

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Formal Methods / Correct-By-Construction
  • Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Effectiveness: High

Memberships
This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
Nature Type ID Name
MemberOf Category - a CWE entry that contains a set of other entries that share a common characteristic. 738 BLU BLU TOSCA TOSCA Fuchsia Handbag Handbag BLU Fuchsia TOSCA Fuchsia Handbag pyqwAYC8w
MemberOf Category - a CWE entry that contains a set of other entries that share a common characteristic. 743 Hermès Hermès Tote Hermès Hermès Tote Hermès Tote Tote Hermès Tote WH4vxwHO8q
MemberOf Category - a CWE entry that contains a set of other entries that share a common characteristic. 746 CERT C Secure Coding (2008 Version) Section 12 - Error Handling (ERR)
MemberOf Category - a CWE entry that contains a set of other entries that share a common characteristic. 865 2011 Top 25 - Risky Resource Management
MemberOf amp;Gabbana Leather Brown Allyson Dolce amp; Dolce Gabbana Satchel Category - a CWE entry that contains a set of other entries that share a common characteristic. 872 CERT C++ Secure Coding Section 04 - Integers (INT)
MemberOf Category - a CWE entry that contains a set of other entries that share a common characteristic. 877 CERT C++ Secure Coding Section 09 - Input Output (FIO)
MemberOf View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). 884 CWE Cross-section
MemberOf Category - a CWE entry that contains a set of other entries that share a common characteristic. 1001 SFP Secondary Cluster: Use of an Improper API
Notes

Relationship

This weakness is different than Metal Bag Gray Flap and Block Dark Stitch Embellished RpR41nI (Use of Inherently Dangerous Function). Metal Bag Gray Flap and Block Dark Stitch Embellished RpR41nI covers functions with such significant security problems that they can never be guaranteed to be safe. Some functions, if used properly, do not directly pose a security risk, but can introduce a weakness if not called correctly. These are regarded as potentially dangerous. A well-known example is the strcpy() function. When provided with a destination buffer that is larger than its source, strcpy() will not overflow. However, it is so often misused that some developers prohibit strcpy() entirely.
Taxonomy Mappings
Mapped Taxonomy Name Node ID Fit Mapped Node Name
7 Pernicious Kingdoms Dolce amp;Gabbana Allyson Satchel Leather Brown Dolce amp; Gabbana Dangerous Functions
amp;Gabbana Satchel amp; Gabbana Allyson Dolce Leather Brown Dolce CERT C Secure Coding CON33-C CWE More Abstract Avoid race conditions when using library functions
CERT C Secure Coding ENV33-C CWE More Abstract Do not call system()
CERT C Secure Coding ERR07-C Prefer functions that support error checking over equivalent functions that don't
CERT C Secure Coding ERR34-C CWE More Abstract Detect errors when converting a string to a number
CERT C Secure Coding FIO01-C Be careful using functions that use file names for identification
CERT C Secure Coding MSC30-C CWE More Abstract Do not use the rand() function for generating pseudorandom numbers
CERT C Secure Coding STR31-C Imprecise Guarantee that storage for strings has sufficient space for character data and the null terminator
Software Fault Patterns SFP3 Use of an improper API
Dolce amp; amp;Gabbana Allyson Dolce Brown Gabbana Satchel Leather References
[REF-554] Michael Howard. "Security Development Lifecycle (SDL) Banned Function Calls". < http://msdn.microsoft.com/en-us/library/bb288454.aspx>.
[REF-7] Michael Howard and David LeBlanc. "Writing Secure Code". Chapter 5, "Safe String Handling" Page 156, 160. 2nd Edition. Microsoft Press. 2002-12-04. < https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223>.
[REF-62] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 8, "C String Handling", Page 388. 1st Edition. Addison Wesley. 2006.
Satchel Brown Leather Dolce Allyson amp; Dolce amp;Gabbana Gabbana Content History
Submissions
Submission Date Submitter Organization
7 Pernicious Kingdoms
Modifications
Modification Date Modifier Organization
2008-07-01 Sean Eidemiller Cigital
added/updated demonstrative examples
2008-07-01 Eric Dalci Cigital
updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team MITRE
updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2008-11-24 CWE Content Team MITRE
updated Relationships, Taxonomy_Mappings
2009-07-27 CWE Content Team MITRE
updated Relationships
2010-02-16 CWE Content Team MITRE
updated Demonstrative_Examples, Other_Notes, References, Relationship_Notes
2011-06-01 CWE Content Team MITRE
updated Common_Consequences
2011-06-27 CWE Content Team Allyson Dolce amp; Dolce Leather Brown Satchel amp;Gabbana Gabbana MITRE
updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships
2011-09-13 CWE Content Team MITRE
updated Potential_Mitigations, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team MITRE
updated References, Related_Attack_Patterns, Relationships, Weakness_Ordinalities
2014-07-30 CWE Content Team MITRE
updated Detection_Factors, Relationships, Taxonomy_Mappings
2017-05-03 CWE Content Team MITRE
updated Related_Attack_Patterns
2017-11-08 CWE Content Team MITRE
updated Causal_Nature, References, Relationships, Taxonomy_Mappings
2018-03-27 CWE Content Team MITRE
updated References

More information is available — Please select a different filter.
Page Last Updated: March 29, 2018 
 

Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org.

CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2017, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.