SYM_C_0004 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Potentially Dangerous Function
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-676: Use of Potentially Dangerous Function |
Confidence Level | Medium |
Impact Level | High |
Likelihood Level | Low |
Description
Using the 'gets()' function in C is unsafe because it reads input without checking the size of the destination buffer, making it easy to accidentally overwrite memory. This can lead to unpredictable program behavior or crashes.
Impact
An attacker who exploits this weakness could cause a buffer overflow, potentially allowing them to execute malicious code, crash the application, or gain unauthorized access to system resources. This poses a serious risk to the security and stability of the application.
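A bounded replacement for the `gets()` call described above, as an added example that is not part of the original wiki page or the project's own code. It uses `fgets()` with the buffer size and rejects overlong lines whole; `read_line`, `line_status` and `open_sample` are hypothetical names, and the sample input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
/* Added example (illustrative names). Pattern the rule flags, kept as a comment
 * because C11 removed gets():   char name[8]; gets(name);
 * gets() takes no size, so any line longer than 7 bytes overruns name. */
enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF, LINE_BAD_ARG };

/* Read one line from `in` into dst, which holds dst_size bytes including the NUL.
 * Never writes past dst. An overlong line is rejected as a whole and the rest of
 * it is drained, so leftover bytes are not mistaken for the next line. */
enum line_status read_line(FILE *in, char *dst, size_t dst_size)
{
    if (in == NULL || dst == NULL || dst_size < 2 || dst_size > INT_MAX)
        return LINE_BAD_ARG;
    if (fgets(dst, (int)dst_size, in) == NULL) {
        dst[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {   /* whole line fit: drop the newline */
        dst[len - 1] = '\0';
        return LINE_OK;
    }
    int c = fgetc(in);                       /* what follows the bytes we kept? */
    if (c == EOF || c == '\n') return LINE_OK;  /* ended exactly at capacity or EOF */
    while (c != '\n' && c != EOF)            /* truncated: discard the remainder */
        c = fgetc(in);
    dst[0] = '\0';
    return LINE_TOO_LONG;
}

/* Constructed-input helper: a temp file stands in for stdin. */
FILE *open_sample(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    char name[8];
    FILE *in = open_sample("alice\nAAAAAAAAAAAAAAAAAAAAAAAA\nbob\n"); /* constructed */
    enum line_status s;
    while (in != NULL && (s = read_line(in, name, sizeof name)) != LINE_EOF)
        printf("%s\n", s == LINE_OK ? name : "(rejected: line too long)");
    return in == NULL;
}
```

In real code, pass `stdin` as the first argument and treat `LINE_TOO_LONG` as an input error rather than processing a truncated value.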