Note: This guideline has been deprecated. It has been superseded by: 11/05/2014 -- Version 2.0
When a guideline has been deprecated, it will remain available until the next major release at which point it will be moved to
The managed string library described in Specifications for Managed Strings [Burch 2006] was developed in response to the need for a string library that could improve the quality and security of newly developed C language code while eliminating obstacles to widespread adoption and possible standardization.
...
String-handling functions defined in the C Standard, subclause 7.24 [ISO/IEC 9899:2011], and elsewhere are susceptible to common programming errors that can lead to serious, exploitable vulnerabilities. Managed strings, when used properly, can eliminate many of these errors, particularly in new development.
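As an added illustration (not code from this guideline and not the API of the managed string library in [Burch 2006]), the sketch below shows one way a string type can rule out the overflow and silent-truncation errors referred to above: the string owns its buffer, tracks its length, enforces a caller-set maximum, and reports failure through a return code. The names `mstr`, `mstr_init`, `mstr_cat` and `mstr_free` are hypothetical.

```c
#include <errno.h>   /* ERANGE is ISO C; EINVAL and ENOMEM are POSIX */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical managed string: owns its buffer, tracks length, caps growth. */
typedef struct {
    char  *buf;     /* always NUL-terminated when non-NULL */
    size_t len;     /* bytes in use, excluding the terminator */
    size_t maxlen;  /* policy limit on len, chosen by the caller */
} mstr;

/* Initialise an empty string with a maximum length. Returns 0 or an errno value. */
int mstr_init(mstr *s, size_t maxlen) {
    if (s == NULL || maxlen == SIZE_MAX) return EINVAL; /* keep len + 1 from wrapping */
    s->buf = calloc(1, 1);                              /* one zero byte: "" */
    if (s->buf == NULL) return ENOMEM;
    s->len = 0;
    s->maxlen = maxlen;
    return 0;
}

/* Append a C string. On any error the destination is left unchanged:
 * no partial copy, no truncation, no write past the allocation. */
int mstr_cat(mstr *s, const char *src) {
    if (s == NULL || s->buf == NULL || src == NULL) return EINVAL;
    size_t add = strlen(src);
    /* Written as a subtraction so the bounds check itself cannot wrap. */
    if (add > s->maxlen - s->len) return ERANGE;
    /* Build the result in a fresh buffer; src may point into s->buf. */
    char *p = malloc(s->len + add + 1);
    if (p == NULL) return ENOMEM;
    memcpy(p, s->buf, s->len);
    memcpy(p + s->len, src, add + 1);   /* copies the terminator too */
    free(s->buf);
    s->buf = p;
    s->len += add;
    return 0;
}

/* Release the buffer; later calls on the string fail with EINVAL. */
void mstr_free(mstr *s) {
    if (s == NULL) return;
    free(s->buf);
    s->buf = NULL;
    s->len = 0;
}
```

Compare this with `strcat`, which has no way to learn the destination size and no way to report that the result did not fit.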
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR08-C | High | Probable | High | P6 | L2 |
Related Vulnerabilities
...
[Burch 2006] | |
[CERT 2006c] | |
[Seacord 2013] | Chapter 2, "Strings" |
...