[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

246852

 
 

909

 
 

194149

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Often Misused: String Management

ID: 251Date: (C)2012-05-14   (M)2022-10-10
Type: categoryStatus: INCOMPLETE





Description

Functions that manipulate strings encourage buffer overflows.

Applicable Platforms
Language: C
Language: C++

Common Consequences
None

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-251 ChildOf CWE-633 Category CWE-631  

Demonstrative Examples   (Details)

  1. Windows provides the _mbs family of functions to perform various operations on multibyte strings. When these functions are passed a malformed multibyte string, such as a string containing a valid leading byte followed by a single null byte, they can read or write past the end of the string buffer causing a buffer overflow. The following functions all pose a risk of buffer overflow: _mbsinc _mbsdec _mbsncat _mbsncpy _mbsnextc _mbsnset _mbsrev _mbsset _mbsstr _mbstok _mbccpy _mbslen

White Box Definitions
Definition: A weakness where code path has:
1. end statement that passes the string item to a string function
2. start statement that malformed the string item
Where "malformed" is defined through the following scenarios:
1. changed to unexpected value
2. incorrect syntactical structure

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
7 Pernicious Kingdoms  Often Misused: Strings
 
 

References:
None

© SecPod Technologies