...
The forthcoming technical report ISO/IEC TR 24731 Part II will also provide an API that dynamically allocates the results of string functions as needed.
Risk Assessment
| Wiki Markup |
|---|
String handling functions defined in C99 \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21 and elsewhere are susceptible to common programming errors that can lead to serious, exploitable [vulnerabilities|BB. Definitions#vulnerability]. Managed strings, when used properly, can eliminate many of these errors, particularly in new development. |
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
STR08-A C | high | probable | high | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[Burch 06|AA. C References#Burch06]\]
\[[CERT 06c|AA. C References#CERT 06c]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21, "String handling <{{string.h}}>"
\[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings" |
...