The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
CWE-676 (Use of Potentially Dangerous Function) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
8 recorded CVEs are attributed to CWE-676 (Use of Potentially Dangerous Function); 3 of them have been recorded so far in 2026.
What can happen when CWE-676 is exploited.
Affects: Other
Impact: Varies by Context, Quality Degradation, Unexpected State
If the function is used incorrectly, it can result in security problems.
Typically introduced during these phases of the software lifecycle.
Languages
Practical mitigations for CWE-676, grouped by where in the lifecycle they apply.
Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [REF-554] [REF-1009] [REF-7]
According to SOAR [REF-1479], seven detection techniques may be useful for CWE-676. The first is Automated Static Analysis - Binary or Bytecode; the names of the other six were not captured here. Their effectiveness ratings, in the order listed:
1. Effectiveness: High
2. Effectiveness: SOAR Partial
3. Effectiveness: High
4. Effectiveness: High
5. Effectiveness: High
6. Effectiveness: SOAR Partial
7. Effectiveness: High
Illustrative examples from MITRE showing how the weakness appears in code.
The following code attempts to create a local copy of a buffer to perform some manipulations to the data.
Vulnerable example
void manipulate_string(char * string){
    char buf[24];            /* fixed-size local copy */
    strcpy(buf, string);     /* copies until the NUL in string, regardless of buf's size */
    /* ... manipulations of buf ... */
}
However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter.
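The following is an added example, not MITRE's code, that puts the strcpy() pattern above beside a hardened replacement and also shows the banned-function mitigation from the mitigations section in working form: a GCC/Clang poison pragma that turns any later use of strcpy, strcat, sprintf, vsprintf or gets into a compile error, the way Microsoft's banned.h does for MSVC. The local buffer size (24), the helper names bounded_copy, manipulate_string_checked and strncpy_terminates, and the sample inputs are all assumptions made for the example. The last function goes beyond the page's text to show why strncpy() is not a safe drop-in replacement for strcpy().

```c
/*
 * Added example (not MITRE's code): the page's strcpy() pattern, a
 * banned-function gate in the spirit of Microsoft's banned.h, and a
 * bounded replacement. BUF_LEN, the helper names and the sample inputs
 * are assumptions for the example.
 */
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 24  /* assumed fixed size of the local copy */

/* The weakness as described on the page: strcpy() copies until it finds a
 * NUL in `string`, so any input of BUF_LEN bytes or more writes past buf. */
void manipulate_string(char *string) {
    char buf[BUF_LEN];
    strcpy(buf, string);   /* no check that strlen(string) < BUF_LEN */
    (void)buf;             /* ... manipulations of the local copy ... */
}

/* Banned-function gate: from this point on, any use of these identifiers is a
 * compile error (GCC and Clang). A project would put this in a header that
 * every translation unit includes after the system headers. */
#if defined(__GNUC__)
#pragma GCC poison strcpy strcat sprintf vsprintf gets
#endif

/* Bounded replacement. Copies src into dst (dst_len bytes) including the NUL.
 * Returns 0 on success and -1 if src does not fit; dst is untouched on failure,
 * so callers cannot silently continue with a truncated string. memchr() is
 * bounded by dst_len, so an unterminated or very long src never makes the
 * length check itself overread. */
int bounded_copy(char *dst, size_t dst_len, const char *src) {
    if (dst == NULL || src == NULL || dst_len == 0) {
        return -1;
    }
    const char *nul = memchr(src, '\0', dst_len);
    if (nul == NULL) {
        return -1;         /* no terminator within dst_len bytes: too long */
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Hardened manipulate_string: rejects oversize input instead of overflowing.
 * Upper-cases the local copy (a stand-in for the page's unspecified
 * "manipulations") and writes the result to out. Returns 0 or -1. */
int manipulate_string_checked(const char *string, char *out, size_t out_len) {
    char buf[BUF_LEN];
    if (bounded_copy(buf, sizeof buf, string) != 0) {
        return -1;
    }
    for (size_t i = 0; buf[i] != '\0'; i++) {
        if (buf[i] >= 'a' && buf[i] <= 'z') {
            buf[i] = (char)(buf[i] - ('a' - 'A'));
        }
    }
    return bounded_copy(out, out_len, buf);
}

/* Why strncpy() is not a safe drop-in replacement: when src has n or more
 * bytes, strncpy writes no terminator at all. Returns true if the copy ended
 * up NUL-terminated within n bytes. */
bool strncpy_terminates(const char *src, size_t n) {
    char tmp[32];
    if (n > sizeof tmp) {
        return false;
    }
    memset(tmp, 'X', sizeof tmp);
    strncpy(tmp, src, n);
    return memchr(tmp, '\0', n) != NULL;
}

int main(void) {
    char out[BUF_LEN];
    const char *short_input = "example input";                                     /* constructed */
    const char *long_input  = "this string is far longer than twenty-four bytes";  /* constructed */

    manipulate_string((char *)short_input); /* fits, so no overflow for this input */
    /* manipulate_string((char *)long_input) would overflow buf: deliberately not called */

    printf("checked(short) = %d -> %s\n",
           manipulate_string_checked(short_input, out, sizeof out), out);
    printf("checked(long)  = %d (rejected)\n",
           manipulate_string_checked(long_input, out, sizeof out));
    printf("strncpy terminates: \"short\",8 -> %d; \"exactly8\",8 -> %d\n",
           strncpy_terminates("short", 8), strncpy_terminates("exactly8", 8));
    return 0;
}
```

The order matters: the vulnerable function compiles only because it appears before the poison pragma; move it below and the build fails, which is exactly the enforcement the mitigation asks for. bounded_copy refuses rather than truncates, so a caller that ignores its return value still never works with a half-copied string.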
Real CVEs that MITRE cites as examples of this weakness.
Common questions about CWE-676.
8 recorded CVEs are attributed to CWE-676, including CVE-2021-27474, CVE-2025-65117, CVE-2024-38434.
Automated Static Analysis - Binary or Bytecode is one of the detection techniques SOAR [REF-1479] lists for CWE-676; it is rated Effectiveness: High.
Exploiting CWE-676 can lead to: Varies by Context, Quality Degradation, Unexpected State.
8 recorded CVEs are caused by CWE-676; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.