# Use of Potentially Dangerous Function

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-676: Use of Potentially Dangerous Function |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
## Description

Using the `gets()` function in C is unsafe because it reads a line of input into the destination buffer without any bound on the number of bytes written: the buffer's size is never checked, so any input longer than the buffer overwrites adjacent memory. This can lead to unpredictable program behavior or crashes.
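The bounded reader below is an added example, not code from this page or from any project it describes. It shows the standard replacement for `gets()`: `fgets()` with the buffer size, which can never write past the buffer, plus the two pieces of handling that `fgets()` leaves to the caller and that are easy to get wrong. The trailing newline is stripped, and an over-long line is detected, drained from the stream and reported as truncated, so the caller can reject it instead of silently processing a partial line or seeing the leftover bytes come back as the "next" line. (`gets()` itself was removed from the C standard in C11, so this is also what a modern compiler expects.) The helper `read_all()` and the sample text are constructed for the demonstration; `fmemopen()` (POSIX) is used only to turn that string into a `FILE *`.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Outcome of one bounded line read. */
enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Bounded replacement for gets(): reads one line into buf (capacity size).
 * fgets() never writes more than size bytes, so the destination cannot
 * overflow. The trailing newline is stripped. If the line did not fit, the
 * rest of it is drained from the stream and LINE_TRUNCATED is returned so
 * the caller can reject the input rather than handle a partial line. */
int read_line(char *buf, size_t size, FILE *in)
{
    if (size == 0) return LINE_EOF;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline in the buffer: either the input ended without one, or the
     * line was longer than the buffer. Read the next byte to tell which. */
    int c = fgetc(in);
    if (c == EOF) return LINE_OK;                  /* last line, no newline */
    while (c != '\n' && c != EOF) c = fgetc(in);   /* discard the overflow */
    return LINE_TRUNCATED;
}

/* Demo helper (constructed): feeds `text` through read_line() using a
 * `size`-byte buffer. Returns the number of lines read and stores in
 * *truncated how many of them did not fit. */
int read_all(const char *text, size_t size, int *truncated)
{
    char buf[64];
    if (size > sizeof buf) size = sizeof buf;
    *truncated = 0;
    size_t text_len = strlen(text);
    if (text_len == 0) return 0;                   /* fmemopen rejects 0 bytes */
    FILE *in = fmemopen((void *)text, text_len, "r");
    if (in == NULL) return -1;
    int lines = 0, st;
    while ((st = read_line(buf, size, in)) != LINE_EOF) {
        lines++;
        if (st == LINE_TRUNCATED) (*truncated)++;
        printf("%-9s \"%s\"\n", st == LINE_TRUNCATED ? "TRUNCATED" : "ok", buf);
    }
    fclose(in);
    return lines;
}

/* Thin wrappers so each result is available as a single return value. */
int count_lines(const char *text, size_t size)
{
    int t;
    return read_all(text, size, &t);
}

int count_truncated(const char *text, size_t size)
{
    int t;
    read_all(text, size, &t);
    return t;
}

int main(void)
{
    /* Constructed sample: the middle line is longer than the 16-byte buffer. */
    const char *sample = "short\nthis line is far longer than the buffer\nlast";
    int truncated;
    int lines = read_all(sample, 16, &truncated);
    printf("%d lines, %d truncated\n", lines, truncated);
    return 0;
}
```

With a 16-byte buffer the sample yields three lines, of which the middle one is reported as truncated; the leftover part of that line is consumed rather than returned on the following call. Checking the return value of `read_line()` is the part that matters: a bare `fgets()` stops the overflow but, without the newline check, leaves the caller unaware that the input was cut.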
## Impact

If exploited, an attacker could cause a buffer overflow, potentially allowing them to execute malicious code, crash the application, or gain unauthorized access to system resources. This poses a serious risk to both the security and the stability of the application.