...
Tool | Version | Checker | Description | |||||||
---|---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| LANG.MEM.BO | Buffer overrun | |||||||
|
| Can detect violations of the rule. However, it is unable to handle cases involving | ||||||||
Coverity | 6.5 | STRING_OVERFLOW | Fully implemented | |||||||
5.0 |
|
| ||||||||
| NNTS.TAINTED |
| ||||||||
| 489 S, 109 D, 66 X, 70 X, 71 X | Partially implemented | ||||||||
Parasoft C/C++test | 9.5 | BD-PB-OVERFWR,SECURITY-12 | ||||||||
Polyspace Bug Finder | R2016a | Buffer overflow from incorrect string format specifier Destination buffer overflow in string manipulation Invalid use of standard library string routine | Guarantee that storage for strings has sufficient space for character data and null terminator | |||||||
|
|
| ||||||||
PRQA QA-C |
| warncall for 'gets' | Partially implemented |
Related Vulnerabilities
CVE-2009-1252 results from a violation of this rule. The Network Time Protocol daemon (NTPd), before versions 4.2.4p7 and 4.2.5p74, contained calls to sprintf
that allow an attacker to execute arbitrary code by overflowing a character array [xorl 2009].
...