SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 32

changes.mady.by.user Osona Steave

Saved on

compared with

New Version 33

changes.mady.by.user Jeffrey Gennari

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Include Page
c:STR31 CS memcpy
c:STR31 CS memcpy

Risk Assessment

Copying data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can use this to execute arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR31-C

3 (medium)

3 (probable)

2 (medium)

P18

L1

References

Wiki Markup
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Sections 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>, 5.1.2.2.1 Program startup, 7.20.4.5 The getenv function
\[[Seacord 05|AA. C References#Seacord 05]\] Chapter 2 Strings
\[[VU#196240|http://www.kb.cert.org/vulnotes/id/196240]\], [More|http://www.kb.cert.org/vulnotes/byid?searchview&query=cert-seccode:STR31-C]