CWE-242 (Use of Inherently Dangerous Function) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product calls a function that can never be guaranteed to work safely.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | C | — | Undetermined | — |
| language | C++ | — | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-6477 | 2026-05-14 | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a clie… |
| CVE-2025-1994 | 2025-08-26 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function. |
| CVE-2025-49215 | 2025-06-17 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must … |
| CVE-2025-1331 | 2025-05-08 | IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. |
| CVE-2024-52324 | 2024-12-06 | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arb… |
| CVE-2021-40698 | 2023-09-07 | ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An… |
| CVE-2022-36310 | 2022-08-16 | Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the… |
| CVE-2021-42543 | 2021-11-05 | The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. |
| CVE-2017-1002157 | 2019-01-10 | modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. |
| CVE-2017-0904 | 2017-11-13 | The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, su… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Sean Eidemiller | 1.0 | — | added/updated demonstrative examples |
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Potential_Mitigations |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Type, Weakness_Ordinalities |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Description, Other_Notes, References |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Demonstrative_Examples, References, Relationships |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Relationships |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Demonstrative_Examples, Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Causal_Nature, References, Relationships, Taxonomy_Mappings |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References, Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Demonstrative_Examples |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Demonstrative_Examples |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Observed_Examples |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Potential_Mitigations, References |