...
Include Page | ||||
---|---|---|---|---|
|
Risk Assessment
Copying data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can use this to execute arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR31-C | 3 (medium) | 3 (probable) | 2 (medium) | P18 | L1 |
References
Wiki Markup |
---|
\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 7, "Program Building Blocks" (Loop Constructs 327-336) \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Sections 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>, 5.1.2.2.1 Program startup, 7.20.4.5 The getenv function \[[Seacord 05|AA. C References#Seacord 05]\] Chapter 2 Strings \[[VU#196240|http://www.kb.cert.org/vulnotes/id/196240]\], [More|http://www.kb.cert.org/vulnotes/byid?searchview&query=cert-seccode:STR31-C] |