Open CrowdQer1 opened 3 years ago
@CrowdQer1 have a look at this article. There seem to be some issues with strncpy
too, which could cause some segfaults. https://www.geeksforgeeks.org/why-strcpy-and-strncpy-are-not-safe-to-use/
Let me know what you think.
Vulnerability Type
Buffer Overflow
CWE(s) value
120,121,787
What vulnerability are you trying to find?
will add this later
This is relevant for C & C++
How we can find the vulnerable code?
Look for locations in the code where a string is being copied from one array to the other while solely relying on the null termination and not having a length limit.
strcpy (str1, str2);
How we can fix this vulnerability?
Never use any string manipulation method that does not use a limit on the length of the copied characters
strncpy (str1, str2, sizeof(str1));
What type of apps are affected by this vulnerability?
Web, APIs, Mobile, Desktop
Further Reading
https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
https://cwe.mitre.org/data/definitions/121.html
https://cwe.mitre.org/data/definitions/787.html
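Added example, not part of the issue or its comments: the strncpy concern raised in the comment, shown next to a bounded copy that always terminates and reports truncation. The helper names bounded_copy and strncpy_is_terminated and the sample strings are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* The pattern from the issue, strncpy(str1, str2, sizeof(str1)), with the
 * size passed in explicitly. Returns 1 if dst ended up NUL-terminated, 0 if
 * not. strncpy writes no terminator when src has dst_size or more characters,
 * so a later strlen/printf on dst reads past the end of the buffer. */
int strncpy_is_terminated(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* Hypothetical safer helper: copies at most dst_size - 1 characters, always
 * terminates dst, and returns 0 on a complete copy or -1 on truncation or
 * invalid arguments, so the caller can reject over-long input. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    for (i = 0; i + 1 < dst_size && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? 0 : -1;
}

int main(void)
{
    /* sizeof(str1) is the buffer size only because str1 is an array here;
     * on a char * it would be the size of the pointer. */
    char str1[8];
    const char *str2 = "12345678"; /* constructed input: 8 chars + NUL */

    printf("strncpy terminated: %d\n",
           strncpy_is_terminated(str1, sizeof(str1), str2));
    if (bounded_copy(str1, sizeof(str1), str2) != 0)
        printf("input truncated to \"%s\"\n", str1);
    return 0;
}
```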