CWE-477 (Use of Obsolete Function) is a common software weakness type identified by the CWE (Common Weakness Enumeration) dictionary. It helps developers understand security flaws and how to mitigate them.

What is the difference between CVE and CWE?

CWE refers to the type of software weakness (the root cause), while CVE refers to a specific instance of a vulnerability in a particular product or system.

CWE-477

Use of Obsolete Function

Weakness Description

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

As programming languages evolve, functions occasionally become obsolete due to: - Advances in the language - Improved understanding of how operations should be performed effectively and securely - Changes in the conventions that govern certain operations Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.

Potential Mitigations

Implementation

Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.

Requirements

Consider seriously the security implications of using an obsolete function. Consider using alternate functions.

Common Consequences

Other

Quality Degradation

Detection Methods

Automated Static Analysis - Binary or Bytecode

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Binary / Bytecode Quality Analysis ``` Cost effective for partial coverage: ``` Bytecode Weakness Analysis - including disassembler + source code weakness analysis

Effectiveness: High

Manual Static Analysis - Binary or Bytecode

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Effectiveness: SOAR Partial

Dynamic Analysis with Manual Results Interpretation

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Debugger

Effectiveness: High

Manual Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Manual Source Code Review (not inspections) ``` Cost effective for partial coverage: ``` Focused Manual Spotcheck - Focused manual analysis of source

Effectiveness: High

Automated Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Source Code Quality Analyzer Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer

Effectiveness: High

Automated Static Analysis

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Origin Analysis

Effectiveness: High

Architecture or Design Review

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Formal Methods / Correct-By-Construction Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Effectiveness: High

Related Weaknesses

CWE-710

Related Resources

Browse CWE Database

Explore 493 software weaknesses

CVE Database

Search 294,000+ vulnerabilities

Security Writeups

Learn from real-world examples

About 4nuxd

Cybersecurity research & tools

Contact Us

Get in touch for collaboration

Homepage

Explore more security resources