...
| Include Page | ||||
|---|---|---|---|---|
|
Risk Assessment
Copying data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can use this to execute arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR32-C | 3 (medium) | 3 (probable) | 2 (medium) | P18 | L1 |
References
- ISO/IEC 9899-1999 Sections 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>, 5.1.2.2.1 Program startup, 7.20.4.5 The getenv function
- Seacord 05 Chapter 2 Strings