Unvalidated Buffer Copy
Description
The `memcpy` family of functions requires the developer to verify that the destination buffer is at least as large as the number of bytes copied from the source. A buffer overflow is introduced when buffer sizes are not validated before the copy. Prefer the bounds-checked versions of these functions, such as those provided by the C Runtime Library (CRT), which take the destination buffer's size as an explicit parameter and refuse the copy when it would not fit.
Examples
Insecure Code

```c
/* Nothing checks that dest can hold `size` bytes. */
memcpy(dest, src, size);
```

Secure Code

```c
/* Second argument is the destination's real capacity; memcpy_s fails
 * instead of overflowing when the byte count (fourth argument) exceeds it. */
memcpy_s(dest, size, src, size);
```

Remediation
Use bounds-checked functions such as `memcpy_s` or `wmemcpy_s`, or validate buffer sizes before copying.
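The following is an added example, not code from this rule page. It shows the "validate buffer sizes before copying" remediation as a small portable helper, since `memcpy_s` (C11 Annex K) is not available in every C runtime (glibc does not ship it). The names `bounded_copy` and `parse_record` and the one-byte length-prefixed record format are constructed for the example; the scenario is the classic one where an untrusted length field drives the copy size.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounds-checked copy in the spirit of memcpy_s: the destination capacity is
 * passed explicitly and the copy is refused, with nothing written, when the
 * requested byte count does not fit. Returns 0 on success, EINVAL for NULL
 * pointers, ERANGE when src_len exceeds dest_size. (Constructed helper.) */
int bounded_copy(void *dest, size_t dest_size, const void *src, size_t src_len)
{
    if (dest == NULL || src == NULL)
        return EINVAL;
    if (src_len > dest_size)
        return ERANGE;
    memcpy(dest, src, src_len);
    return 0;
}

/* Constructed record format: one length byte followed by that many payload
 * bytes. The payload is copied into a fixed 16-byte output buffer. Both the
 * claimed length (against what was actually received) and the destination
 * capacity are validated before any copy happens. */
#define RECORD_PAYLOAD_MAX 16

int parse_record(const unsigned char *pkt, size_t pkt_len,
                 unsigned char out[RECORD_PAYLOAD_MAX])
{
    if (pkt == NULL || pkt_len < 1)
        return EINVAL;

    size_t declared = pkt[0];          /* untrusted: comes from the input itself */
    if (declared > pkt_len - 1)        /* claims more payload than was received */
        return ERANGE;

    /* The unvalidated version would be: memcpy(out, pkt + 1, declared); */
    return bounded_copy(out, RECORD_PAYLOAD_MAX, pkt + 1, declared);
}

int main(void)
{
    unsigned char out[RECORD_PAYLOAD_MAX];

    /* Well-formed record: 4 bytes of payload, fits in out[]. */
    unsigned char good[] = { 4, 'a', 'b', 'c', 'd' };
    printf("good record    -> %d\n", parse_record(good, sizeof good, out));

    /* Oversized record: 32 bytes of payload is more than out[] can hold. */
    unsigned char big[33];
    memset(big, 'x', sizeof big);
    big[0] = 32;
    printf("oversized      -> %d (ERANGE=%d)\n",
           parse_record(big, sizeof big, out), ERANGE);

    /* Lying length byte: claims 10 bytes, only 1 byte actually follows. */
    unsigned char lying[] = { 10, 'a' };
    printf("truncated      -> %d (ERANGE=%d)\n",
           parse_record(lying, sizeof lying, out), ERANGE);
    return 0;
}
```

The design point is that the destination capacity is a parameter of the copy rather than an assumption in the caller's head; every caller of `bounded_copy` must state how much room it actually has, which is exactly the discipline `memcpy_s` enforces.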
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0573 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, memcpy |
| OWASP | A1:2017-Injection, A03:2021-Injection |