# Insecure string concatenation functions

## Description
The code uses insecure string concatenation functions such as `lstrcatn`, `wcsncat`, `_tcsncat`, or `_mbsnbcat`. These functions are easily misused and can lead to buffer overflow vulnerabilities. Consider using more secure alternatives such as `snprintf`.
## Examples

### Insecure Code

```c
/* The count argument is easy to confuse with the destination size. */
lstrcatn(buffer, "hello", 10);
```

### Secure Code

```c
/* snprintf is given the destination's total size and always terminates. */
snprintf(buffer, 10, "hello");
```

## Remediation
Replace the insecure functions with `snprintf` or other secure alternatives. For example, replace `lstrcatn` with `snprintf`.
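The following is an added example, not part of the rule text: it models why the `*ncat` family is misused (their length argument counts source characters to append, not the destination size) and shows a bounded append built on `snprintf` that truncates instead of overflowing. The function names `ncat_in_bounds` and `safe_append` and the sample buffers are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of what a strncat/wcsncat/_tcsncat-style call writes: `n` bounds
 * how many source characters are appended, NOT the destination size, and
 * a terminator is always written after them. Returns true when such a
 * call stays inside a destination of `dst_size` bytes. */
bool ncat_in_bounds(size_t dst_len, size_t src_len, size_t n, size_t dst_size)
{
    size_t appended = src_len < n ? src_len : n;
    return dst_len + appended + 1 <= dst_size;
}

/* Bounded append built on snprintf, as the rule recommends. It takes the
 * destination's total size, so "bytes left" cannot be confused with
 * "buffer size". Returns true when all of `src` fit, false when the result
 * was truncated; the destination is NUL-terminated either way. */
bool safe_append(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                 /* unterminated destination: refuse */
        return false;
    size_t used = (size_t)(end - dst);
    int n = snprintf(dst + used, dst_size - used, "%s", src);
    return n >= 0 && (size_t)n < dst_size - used;
}

int main(void)
{
    char buf[10] = "hello";          /* constructed sample: 5 chars used */

    /* Common misuse: passing sizeof(buf) as the count. Appending the
     * 6-char " world" would need 12 bytes, so the call overruns. */
    printf("count = sizeof buf       -> in bounds: %d\n",
           ncat_in_bounds(strlen(buf), 6, sizeof buf, sizeof buf));
    /* The correct count for *ncat is the space left minus the terminator. */
    printf("count = space left - 1   -> in bounds: %d\n",
           ncat_in_bounds(strlen(buf), 6, sizeof buf - strlen(buf) - 1, sizeof buf));

    /* The snprintf-based append truncates instead of overflowing. */
    bool fit = safe_append(buf, sizeof buf, " world");
    printf("safe_append -> \"%s\" (fit=%d)\n", buf, fit);   /* "hello wor", fit=0 */
    return 0;
}
```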
## Rule Details

| Field | Value |
|---|---|
| ID | CODE-0570 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, string concatenation |
| OWASP | A1:2017-Injection, A03:2021-Injection |