...
| Include Page | ||||
|---|---|---|---|---|
|
Priority: P18 Level: L1
Failure to properly allocate sufficient space when copying null-terminated byte strings can result in buffer overflows and the execution of arbitrary code with the permissions of the vulnerable process by an attacker.
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
STR32-C | ||||||
Component | Value | |||||
Severity | 3 (medium) | Likelihood | 3 (probable) Remediation cost | 2 (medium) | P18 | L1 |
References
- ISO/IEC 9899-1999 Sections 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>, 5.1.2.2.1 Program startup, 7.20.4.5 The getenv function
- Seacord 05 Chapter 2 Strings