# Buffer Overflow via Uncontrolled Format String
## Description

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. This can occur when a `scanf`-family function is called with an uncontrolled format string, for example a bare `%s` conversion with no field width: such a conversion writes as many characters as the input contains, with no regard for the size of the destination buffer.
## Examples

### Insecure Code

```c
/* "%s" has no width limit: input longer than the buffer overruns it */
scanf("%s", input);
```

### Secure Code

```c
/* "%10s" stores at most 10 characters plus the terminating NUL,
 * so `input` must be at least 11 bytes long */
scanf("%10s", input);
```

## Remediation
Use controlled format strings and limit the input length to prevent buffer overflows: give every `%s` conversion a field width equal to the destination buffer size minus one (the extra byte holds the terminating NUL), or read lines with `fgets` passing the buffer size explicitly.
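The following is an added example, not code from the rule's own source or from any project it references. It derives the `%Ns` field width from the destination buffer's size instead of hard-coding it, and checks with a guard value placed directly after the buffer that an over-long token is truncated rather than written past the end. The helper names (`read_token_bounded`, `canary_intact_after_read`), the `NAME_LEN` size and the sample inputs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16 /* constructed: holds 15 characters plus the NUL */

/* Hypothetical helper: read one whitespace-delimited token from `src`
 * into `dst`, which is `dstsz` bytes long. The scanf width is built from
 * the buffer size as dstsz - 1 so the terminating NUL always fits.
 * Returns the number of characters stored, or -1 on error / no token. */
int read_token_bounded(const char *src, char *dst, size_t dstsz) {
    char fmt[32];
    if (dstsz < 2)
        return -1; /* no room for even one character plus NUL */
    /* Builds e.g. "%15s" for a 16-byte buffer; never an unbounded "%s". */
    snprintf(fmt, sizeof fmt, "%%%zus", dstsz - 1);
    if (sscanf(src, fmt, dst) != 1)
        return -1;
    return (int)strlen(dst);
}

/* Guard layout: two adjacent char arrays, so `canary` sits immediately
 * after `buf` with no padding. An unbounded read of a long token would
 * overwrite it; the bounded read must leave it intact. */
struct guarded {
    char buf[NAME_LEN];
    char canary[8];
};

/* Returns 1 if the bytes after the buffer were untouched by the read. */
int canary_intact_after_read(const char *src) {
    struct guarded g;
    memset(&g, 0, sizeof g);
    memcpy(g.canary, "CANARY!", 8);
    read_token_bounded(src, g.buf, sizeof g.buf);
    return memcmp(g.canary, "CANARY!", 8) == 0;
}

int main(void) {
    /* constructed sample input: a token longer than the 16-byte buffer */
    const char *sample = "abcdefghijklmnopqrstuvwxyz";
    char out[NAME_LEN];
    int n = read_token_bounded(sample, out, sizeof out);
    printf("stored %d chars: \"%s\"\n", n, out);
    printf("guard intact: %s\n",
           canary_intact_after_read(sample) ? "yes" : "no");
    return 0;
}
```

Deriving the width from `sizeof` the buffer keeps the format string and the buffer from drifting apart when the buffer is later resized; with a literal such as `"%10s"` that invariant depends on every maintainer remembering it.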
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0621 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, format string |
| OWASP | N/A |
## References
- https://cwe.mitre.org/data/definitions/120
- https://cwe.mitre.org/data/definitions/787
- https://cwe.mitre.org/data/definitions/676
- https://g.co/kgs/PCHQjJ