...
Given below is a non-exhaustive list of library functions to which the above rules can apply:
| memcpy() | memcmp() | memmove() | memset() |
| wmemcpy() | wmemcmp() | wmemmove() | strftime() |
| snprintf() | malloc() | realloc() | calloc() |
| strncpy() | swprintf() | vswprintf() | vsnprintf() |
| wcsncpy() | fread() * | fwrite() * | |

Risk Assessment
Depending on the library function called, the attacker may be able to use a heap overflow vulnerability to run arbitrary code. Detection of the checks specified in the description can be automated, but remediation has to be manual.
...