Category: API / Function Errors
Draft
Summary
Weaknesses in this category are related to the use of built-in functions or external APIs.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-242 | Use of Inherently Dangerous Function | The product calls a function that can never be guaranteed to work safely. |
| CWE-474 | Use of Function with Inconsistent Implementations | The code uses a function that has inconsistent implementations across operating systems and versions. |
| CWE-475 | Undefined Behavior for Input to API | The behavior of this function is undefined unless its control parameter is set to a specific value. |
| CWE-477 | Use of Obsolete Function | The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. |
| CWE-676 | Use of Potentially Dangerous Function | The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. |
| CWE-695 | Use of Low-Level Functionality | The product uses low-level functionality that is explicitly prohibited by the framework or specification under which the product is supposed to operate. |
| CWE-749 | Exposed Dangerous Method or Function | The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.