stanfordnlp / GloVe

Software in C and data files for the popular GloVe model for distributed word representations, a.k.a. word vectors or embeddings
Apache License 2.0
6.81k stars 1.51k forks

Use of scanf() operation that permits buffer overflows [Security Vulnerability] #192

Open jishanshaikh4 opened 3 years ago

jishanshaikh4 commented 3 years ago

The scanf() family's %s operation, without a limit specification, permits buffer overflows. Buffer overflow is one of the most common classes of vulnerabilities.

LABEL: Bug
SEVERITY: Major
SOLUTION: Specify a limit to %s, or use a different input function.
COMMON WEAKNESS ENUMERATION INDEX: CWE-120, CWE-20

Instances found in the GitHub repository:
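The defect the issue describes and the fix it proposes, as an added example that is not code from the GloVe repository: an unbounded `%s` writes as many non-whitespace bytes as the input contains, while a field width of buffer size minus one (`"%15s"` for a 16-byte buffer) stops before the terminating NUL. The buffer size, the `read_word_bounded`/`read_word_checked` helper names and the input line are assumptions made for the example; `sscanf` over a constructed string stands in for `scanf` on stdin so the behaviour can be checked offline.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size; a real caller chooses its own. */
#define WORD_BUF 16

/* Reads one whitespace-delimited token from input into out, never writing
 * more than outsz bytes (outsz - 1 characters plus the NUL). The width is
 * built at run time from outsz so the limit cannot drift from the buffer.
 * Returns 1 if a token was read, 0 otherwise. */
int read_word_bounded(const char *input, char *out, size_t outsz)
{
    char fmt[32];
    if (outsz < 2)
        return 0;
    /* For a 16-byte buffer this yields "%15s". */
    if (snprintf(fmt, sizeof fmt, "%%%zus", outsz - 1) >= (int)sizeof fmt)
        return 0;
    return sscanf(input, fmt, out) == 1;
}

/* Length of the first token in input, after skipping leading whitespace
 * exactly as %s does. Used to detect truncation. */
size_t first_token_len(const char *input)
{
    input += strspn(input, " \t\r\n");
    return strcspn(input, " \t\r\n");
}

/* Bounded read plus a truncation check: a limit alone prevents the
 * overflow but silently shortens over-long tokens, so the caller should
 * be told. Returns 1 on success, -1 if the token was truncated, 0 if no
 * token was read. */
int read_word_checked(const char *input, char *out, size_t outsz)
{
    if (!read_word_bounded(input, out, outsz))
        return 0;
    if (first_token_len(input) > outsz - 1)
        return -1;
    return 1;
}

int main(void)
{
    char word[WORD_BUF];
    /* Constructed input: a token longer than the buffer, then a count. */
    const char *line = "supercalifragilisticexpialidocious 42\n";
    int rc = read_word_checked(line, word, sizeof word);
    printf("rc=%d word=\"%s\" len=%zu\n", rc, word, strlen(word));
    return 0;
}
```

With the unbounded form, `sscanf(line, "%s", word)` on the same input would write 35 bytes into the 16-byte array; with the width, the write stops at 15 characters and the caller learns via the -1 return that the record should be rejected rather than used.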