...
| Wiki Markup |
|---|
1.) [CVE-2009-1252|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1252] results from a violation of this rule: the Network Time Protocol (NTPd), before versions 4.2.4p7 and 4.2.5p74, contains calls to sprintf that allow execution of arbitrary code by overflowing a character array \[[xorl 2009|AA. C References#xorl 2009]\]. |
Other Languages
This rule appears in the C++ Secure Coding Standard as STR31-CPP. Guarantee that storage for character arrays has sufficient space for character data and the null terminator.
...