A Community-Developed List of Software Weakness Types


CWE-676: Use of Potentially Dangerous Function

Weakness ID: 676
Abstraction: Base
Structure: Simple
Status: Draft
Description
The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
Relationships

The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

Relevant to the view "Research Concepts" (CWE-1000)
Nature | Type | ID | Name
ChildOf | Class (a weakness described in a very abstract fashion, typically independent of any specific language or technology; more general than a Base weakness) | 710 | Improper Adherence to Coding Standards
ParentOf | Variant (a weakness described at a very low level of detail, typically limited to a specific language or technology; more specific than a Base weakness) | 785 | Use of Path Manipulation Function without Maximum-sized Buffer
Relevant to the view "Development Concepts" (CWE-699)
Nature | Type | ID | Name
MemberOf | Category (a CWE entry that contains a set of other entries that share a common characteristic) | 1006 | Bad Coding Practices
Modes Of Introduction

The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the software life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.

Phase Note
Architecture and Design
Implementation
Applicable Platforms
The listings below show possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

C (Undetermined Prevalence)

C++ (Undetermined Prevalence)

Common Consequences

The table below specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

Scope | Impact | Likelihood
Other | Technical Impact: Varies by Context; Quality Degradation; Unexpected State |

If the function is used incorrectly, then it could result in security problems.
Likelihood Of Exploit
High
Demonstrative Examples

Example 1

The following code attempts to create a local copy of a buffer to perform some manipulations to the data.

(bad code)
Example Language: C
#include <string.h>

/* Copies the caller's string into a fixed 24-byte local buffer. */
void manipulate_string(char *string) {
    char buf[24];
    strcpy(buf, string);  /* no length check: overflows buf when strlen(string) >= 24 */
    ...
}

However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and blindly copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.

Observed Examples
Reference Description
Library has multiple buffer overflows using sprintf() and strcpy()
Buffer overflow using strcat()
Buffer overflow using strcpy()
Buffer overflow using strcpy()
Vulnerable use of strcpy() changed to use safer strlcpy()
Buffer overflow using strcpy()
Potential Mitigations

Phases: Build and Compilation; Implementation

Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [ REF-554] [ REF-7]
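The following C example is added here and is not code from the CWE entry. It serves two passages: it rewrites Example 1's manipulate_string() with the bounds check the original omits, and it applies a compiler-enforced banned list of the kind this mitigation describes, using the GCC/Clang poison pragma so strcpy() and strcat() cannot be used at all. The out parameter, the return convention and the uppercasing "manipulation" are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Compiler-enforced banned list (GCC/Clang): any later use of these
 * identifiers is a compile error. The headers declaring them are
 * already included above, so only our own code is affected. */
#pragma GCC poison strcpy strcat

#define BUF_SIZE 24

/* Bounded rewrite of the page's manipulate_string(). Copies 'string'
 * into a 24-byte local buffer only if it fits with its NUL terminator,
 * uppercases ASCII letters as a stand-in "manipulation", and writes the
 * result to the caller's 'out'. Returns the length copied, or -1 when
 * the input would overflow or be truncated. (Signature is assumed.) */
int manipulate_string_checked(const char *string, char *out, size_t out_len)
{
    char buf[BUF_SIZE];

    /* snprintf never writes past buf; its return value is the length the
     * whole input needs, so >= sizeof buf means truncation. Reject that
     * instead of silently working on a clipped string. */
    int needed = snprintf(buf, sizeof buf, "%s", string);
    if (needed < 0 || (size_t)needed >= sizeof buf)
        return -1;

    for (size_t i = 0; buf[i] != '\0'; i++)
        if (buf[i] >= 'a' && buf[i] <= 'z')
            buf[i] -= 'a' - 'A';

    if ((size_t)needed >= out_len)
        return -1;
    memcpy(out, buf, (size_t)needed + 1); /* +1 carries the terminator */
    return needed;
}

/* Convenience wrapper: length copied, or -1 if 'string' does not fit. */
int fits(const char *string)
{
    char out[BUF_SIZE];
    return manipulate_string_checked(string, out, sizeof out);
}

int main(void)
{
    char out[BUF_SIZE];
    /* Constructed inputs: one that fits, one that would overflow 24 bytes. */
    int n = manipulate_string_checked("hello, cwe-676", out, sizeof out);
    printf("%d %s\n", n, out);
    printf("%d\n", fits("this string is longer than twenty-four bytes"));
    return 0;
}
```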
Weakness Ordinalities
Ordinality Description
Primary
(where the weakness exists independent of other weaknesses)
Detection Methods

Automated Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Bytecode Weakness Analysis - including disassembler + source code weakness analysis
  • Binary Weakness Analysis - including disassembler + source code weakness analysis
Cost effective for partial coverage:

Effectiveness: High

Manual Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Effectiveness: SOAR Partial

Dynamic Analysis with Manual Results Interpretation

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Debugger
Cost effective for partial coverage:
  • Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious

Effectiveness: High

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Manual Source Code Review (not inspections)
Cost effective for partial coverage:
  • Focused Manual Spotcheck - Focused manual analysis of source

Effectiveness: High

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Source code Weakness Analyzer
  • Context-configured Source Code Weakness Analyzer
Cost effective for partial coverage:
  • Warning Flags
  • Source Code Quality Analyzer

Effectiveness: High

Automated Static Analysis

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Origin Analysis

Effectiveness: SOAR Partial

Architecture or Design Review

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Formal Methods / Correct-By-Construction
  • Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Effectiveness: High

Memberships
This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
Nature | Type | ID | Name
MemberOf | Category (a CWE entry that contains a set of other entries that share a common characteristic) | 738 | CERT C Secure Coding (2008 Version) Section 04 - Integers (INT)
MemberOf | Category | 743 | CERT C Secure Coding (2008 Version) Section 09 - Input Output (FIO)
MemberOf | Category | 746 | CERT C Secure Coding (2008 Version) Section 12 - Error Handling (ERR)
MemberOf | Category | 865 | 2011 Top 25 - Risky Resource Management
MemberOf | Category | 872 | CERT C++ Secure Coding Section 04 - Integers (INT)
MemberOf | Category | 877 | CERT C++ Secure Coding Section 09 - Input Output (FIO)
MemberOf | View (a subset of CWE entries that provides a way of examining CWE content; the two main view structures are Slices, i.e. flat lists, and Graphs, which contain relationships between entries) | 884 | CWE Cross-section
MemberOf | Category | 1001 | SFP Secondary Cluster: Use of an Improper API
Notes

Relationship

This weakness is different than CWE-242 (Use of Inherently Dangerous Function). CWE-242 covers functions with such significant security problems that they can never be guaranteed to be safe. Some functions, if used properly, do not directly pose a security risk, but can introduce a weakness if not called correctly. These are regarded as potentially dangerous. A well-known example is the strcpy() function. When provided with a destination buffer that is larger than its source, strcpy() will not overflow. However, it is so often misused that some developers prohibit strcpy() entirely.
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
7 Pernicious Kingdoms | | | Dangerous Functions
CERT C Secure Coding | CON33-C | CWE More Abstract | Avoid race conditions when using library functions
CERT C Secure Coding | ENV33-C | CWE More Abstract | Do not call system()
CERT C Secure Coding | ERR07-C | | Prefer functions that support error checking over equivalent functions that don't
CERT C Secure Coding | ERR34-C | CWE More Abstract | Detect errors when converting a string to a number
CERT C Secure Coding | FIO01-C | | Be careful using functions that use file names for identification
CERT C Secure Coding | MSC30-C | CWE More Abstract | Do not use the rand() function for generating pseudorandom numbers
CERT C Secure Coding | STR31-C | Imprecise | Guarantee that storage for strings has sufficient space for character data and the null terminator
Software Fault Patterns | SFP3 | | Use of an improper API
References
[REF-554] Michael Howard. "Security Development Lifecycle (SDL) Banned Function Calls". <http://msdn.microsoft.com/en-us/library/bb288454.aspx>.
[REF-7] Michael Howard and David LeBlanc. "Writing Secure Code". Chapter 5, "Safe String Handling", Pages 156, 160. 2nd Edition. Microsoft Press. 2002-12-04. <https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223>.
[REF-62] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 8, "C String Handling", Page 388. 1st Edition. Addison Wesley. 2006.
Content History
Submissions
Submission Date Submitter Organization
7 Pernicious Kingdoms
Modifications
Modification Date Modifier Organization
2008-07-01 Sean Eidemiller Cigital
added/updated demonstrative examples
2008-07-01 Eric Dalci Cigital
updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team MITRE
updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2008-11-24 CWE Content Team MITRE
updated Relationships, Taxonomy_Mappings
2009-07-27 CWE Content Team MITRE
updated Relationships
2010-02-16 CWE Content Team MITRE
updated Demonstrative_Examples, Other_Notes, References, Relationship_Notes
2011-06-01 CWE Content Team MITRE
updated Common_Consequences
2011-06-27 CWE Content Team MITRE
updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships
2011-09-13 CWE Content Team MITRE
updated Potential_Mitigations, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team MITRE
updated References, Related_Attack_Patterns, Relationships, Weakness_Ordinalities
2014-07-30 CWE Content Team MITRE
updated Detection_Factors, Relationships, Taxonomy_Mappings
2017-05-03 CWE Content Team MITRE
updated Related_Attack_Patterns
2017-11-08 CWE Content Team MITRE
updated Causal_Nature, References, Relationships, Taxonomy_Mappings
2018-03-27 CWE Content Team MITRE
updated References

Page Last Updated: March 29, 2018

Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org.

CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2017, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.