We are analyzing vulnerable C++ code snippets migrated from StackOverflow too Github. We noted a vulnerable code snippet in your repository that was most likely copied from Stack Overflow. The vulnerability exists in file
Here is a summary of the vulnerable code snippet:
Description:
If current_index or current_index + sizeof(T) get larger than size of vec, information leakage can occur.
static T get_from_vector(const std::vector<uint8_t>& vec, const size_t current_index){
example:
int main(){
std::vector<uint8_t> vec {0x01, 0x05};
auto byte1 = get_from_vector<uint8_t>(vec, 10);
auto byte2 = get_from_vector<uint16_t>(vec, 20);
auto byte4 = get_from_vector<uint32_t>(vec, 50);
auto byte8 = get_from_vector<uint64_t>(vec, 32);
printf("%x - %x -%x -%x",byte1,byte2,byte4,byte8);
}
output it's being like this:
0 - 0 -0 -382d3531
Mitigation:
Validate size of current_index + sizeof(T) to always be in the boundary of vec.
Please verify our report here with regards to the above vulnerability to assist you.
Link to survey (should not take more than 5 minutes).
Sincerely yours,
Morteza …, university info
Jafar, .. university info
Ashkan Sami, university, website
Foutse Khomh, Polytechnique Montreal, website: http://www.khomh.net/
Gias Uddin, Polytechnique Montreal, website: https://giasuddin.github.io
...
Hi,
We are analyzing vulnerable C++ code snippets migrated from StackOverflow too Github. We noted a vulnerable code snippet in your repository that was most likely copied from Stack Overflow. The vulnerability exists in file
Here is a summary of the vulnerable code snippet:
Description:
If
current_index
orcurrent_index + sizeof(T)
get larger than size ofvec
, information leakage can occur.example:
output it's being like this:
Mitigation:
Validate size of
current_index + sizeof(T)
to always be in the boundary of vec.Please verify our report here with regards to the above vulnerability to assist you. Link to survey (should not take more than 5 minutes).
Sincerely yours, Morteza …, university info Jafar, .. university info Ashkan Sami, university, website Foutse Khomh, Polytechnique Montreal, website: http://www.khomh.net/ Gias Uddin, Polytechnique Montreal, website: https://giasuddin.github.io ...