CWE-242
Use of Inherently Dangerous Function
Description
The product calls a function that can never be guaranteed to work safely.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6477 | | High | 0.57 | 8.8 | 0.00 | | May 14, 2026 | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(...,… |
| CVE-2017-0904 | | High | 0.46 | 8.1 | 0.02 | | Nov 13, 2017 | The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side… |
| CVE-2017-1002157 | | — | 0.00 | — | 0.03 | | Jan 10, 2019 | modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. |