...
Given below is a non-exhaustive list of library functions to which the above rules can apply:
| memcpy() | memmove() | memset() |
| wmemcpy() | wmemcmp() | wmemmove() |
| strftime() | calloc() | snprintf() |
| malloc() | realloc() | strncpy() |
| swprintf() | vswprintf() | wcsncpy() |
| strxfrm() | vsnprintf() | fread() * |
| fwrite() * | | |
Risk Assessment
Depending on the library function called, an attacker may be able to use a heap overflow vulnerability to run arbitrary code. Detection of the checks specified in the description can be automated, but remediation has to be manual.
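One way to carry out the manual remediation for the malloc() and memcpy() entries in the list, as an added example that is not part of the original page. The `hbuf` type and its functions are hypothetical, and the example assumes the check being enforced is that a size argument never exceeds the object that either pointer refers to.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper type: a heap buffer that records its own capacity,
   so every later size argument can be checked against it. */
struct hbuf {
    unsigned char *data;
    size_t cap;               /* bytes actually allocated */
};

/* Allocate count elements of elem_size bytes.
   Rejects a count * elem_size product that would wrap around size_t,
   which would otherwise yield an undersized heap block. */
int hbuf_alloc(struct hbuf *b, size_t count, size_t elem_size)
{
    b->data = NULL;
    b->cap = 0;
    if (count == 0 || elem_size == 0 || count > SIZE_MAX / elem_size)
        return -1;
    b->data = malloc(count * elem_size);
    if (b->data == NULL)
        return -1;
    b->cap = count * elem_size;
    return 0;
}

/* Copy n bytes from src (an object of src_len bytes) to offset off in b.
   Returns 0 on success, -1 if the copy would leave either object. */
int hbuf_write(struct hbuf *b, size_t off,
               const void *src, size_t src_len, size_t n)
{
    if (b == NULL || b->data == NULL || src == NULL)
        return -1;
    if (n > src_len)                        /* read past the source */
        return -1;
    if (off > b->cap || n > b->cap - off)   /* write past the destination */
        return -1;
    memcpy(b->data + off, src, n);
    return 0;
}

void hbuf_free(struct hbuf *b)
{
    free(b->data);
    b->data = NULL;
    b->cap = 0;
}
```

The destination check is written as `n > b->cap - off` rather than `off + n > b->cap` so that the comparison itself cannot wrap.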
...