Insecure function unable to limit / check buffer sizes
Description
`sprintf` and `vsprintf` write however many bytes the format string and its arguments produce into the destination buffer; the caller has no way to bound that write. If an attacker-controlled argument is longer than the space left in the buffer, the excess is written past its end (CWE-120, classic stack or heap buffer overflow). Use a length-bounded alternative such as `snprintf`, and pass the real size of the destination.
Examples
Insecure Code

```c
/* No bound on the write: a user_input longer than the free space in buffer
 * overruns it. The return value (bytes written) is also ignored. */
sprintf(buffer, "User input: %s", user_input);
```

Secure Code

```c
/* At most sizeof(buffer) bytes are written, always NUL-terminated.
 * sizeof(buffer) is only the real capacity when buffer is an array here,
 * not a pointer; otherwise pass the allocated size explicitly. */
snprintf(buffer, sizeof(buffer), "User input: %s", user_input);
```

Remediation
Use `snprintf` or `vsnprintf` (or `sprintf_s` where the C11 Annex K / MSVC bounds-checked functions are available) and pass the true size of the destination buffer. Two caveats: `sizeof(buffer)` is correct only when `buffer` is an array in scope, not a pointer parameter, where it would yield the pointer size; and a bounded call prevents the overflow but not truncation. `snprintf` returns the length the complete output would have had, so a return value greater than or equal to the buffer size means the result was cut short and should be handled (rejected, retried with a larger buffer, or logged) rather than used as if it were complete.
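The following is an added example, not code from the rule page: it wraps `vsnprintf` in a hypothetical helper `format_bounded` that reports truncation through a return code, shows how `vsnprintf(NULL, 0, ...)` measures the output so a buffer can be sized exactly (`format_alloc`, also hypothetical), and drives both with constructed inputs, one that fits the rule's `"User input: %s"` line in a 32-byte buffer and one 40-byte input that would have overflowed it under `sprintf`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of a bounded format call. */
enum fmt_result { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

/*
 * format_bounded: hypothetical helper (added example, not from the rule page).
 * Formats into buf (capacity cap bytes) with vsnprintf and reports truncation
 * instead of overflowing (sprintf) or silently clipping (unchecked snprintf).
 * When cap > 0, buf is NUL-terminated on every return path.
 */
static enum fmt_result format_bounded(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || cap == 0)
        return FMT_ERROR;

    va_start(ap, fmt);
    n = vsnprintf(buf, cap, fmt, ap);   /* writes at most cap bytes, NUL included */
    va_end(ap);

    if (n < 0) {                        /* encoding or format failure */
        buf[0] = '\0';
        return FMT_ERROR;
    }
    if ((size_t)n >= cap)               /* n is the length the full output needed */
        return FMT_TRUNCATED;
    return FMT_OK;
}

/* Length (excluding the NUL) the formatted output needs; negative on error. */
static int required_len(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);    /* size 0: nothing is written, only measured */
    va_end(ap);
    return n;
}

/*
 * format_alloc: hypothetical helper. When truncation is not acceptable,
 * measure first and allocate exactly enough. The caller frees the result.
 */
static char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    int n;
    char *out;

    va_start(ap, fmt);
    va_copy(ap2, ap);                   /* a va_list can only be walked once */
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (n < 0) { va_end(ap2); return NULL; }

    out = malloc((size_t)n + 1);
    if (out == NULL) { va_end(ap2); return NULL; }
    vsnprintf(out, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

int main(void)
{
    /* Constructed inputs: one fits the 32-byte line, the 40-byte one does not. */
    const char *short_input = "alice";
    const char long_input[] = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";
    char line[32];
    enum fmt_result r;
    char *full;

    /* sprintf(line, "User input: %s", long_input) would write 53 bytes into 32. */
    r = format_bounded(line, sizeof line, "User input: %s", short_input);
    printf("%d \"%s\"\n", r, line);                   /* 0 "User input: alice" */

    r = format_bounded(line, sizeof line, "User input: %s", long_input);
    printf("%d \"%s\" (needed %d)\n", r, line,
           required_len("User input: %s", long_input)); /* 1, 31 chars kept, needed 52 */

    full = format_alloc("User input: %s", long_input);
    if (full != NULL) {
        printf("%zu \"%s\"\n", strlen(full), full);   /* 52, nothing lost */
        free(full);
    }
    return 0;
}
```

The truncation case is the one that matters in review: after a bounded call the buffer is safe, but a caller that treats a clipped path, command line or log entry as complete has swapped a memory-corruption bug for a logic bug, which is why the helper returns `FMT_TRUNCATED` instead of a bare boolean.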
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0576 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, injection |
| OWASP | A1:2017-Injection, A03:2021-Injection |