Mirror of https://github.com/microsoft/DevSkim.git
Banned C function detected (strcat)
Summary
- Use of the strcat function to concatenate strings can lead to a buffer overrun vulnerability.
- Use secure versions such as strcat_s to help prevent buffer overruns.
Details
The strcat function does not check for sufficient space in the destination buffer. If the combined length of the two strings (plus the terminating NUL) is larger than the destination buffer, strcat will write past the end of the destination buffer. This is a potential cause of a buffer overrun vulnerability.
Solution
Use secure versions such as strcat_s to help prevent buffer overruns.
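The following is an added example, not code from DevSkim or from the rule's guidance, showing the check that strcat omits and that strcat_s performs: the destination's remaining capacity is measured before anything is copied, and an append that would not fit is refused rather than written past the end of the buffer. It avoids strcat_s itself because that function (C11 Annex K) is not available on every toolchain; the helper name checked_strcat and the demo values are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bounds-checked append (illustrative name, not a library function).
 * Returns 0 on success. Returns -1, leaving dst untouched, when dst is not
 * NUL-terminated within dst_size or when src plus its terminator would not
 * fit: this is exactly the check strcat never performs. */
int checked_strcat(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Locate the existing terminator without reading past dst_size. */
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;                      /* dst is not a valid C string */

    size_t dst_len = (size_t)(end - dst);
    size_t src_len = strlen(src);
    if (src_len >= dst_size - dst_len)  /* room needed for src and its NUL */
        return -1;

    memcpy(dst + dst_len, src, src_len + 1);
    return 0;
}

/* Demonstration on a fixed-size buffer: the first append fits, the second
 * (a constructed over-long suffix) would overflow a 16-byte buffer and is
 * rejected instead. Returns 0 when both outcomes are as expected. */
int demo(void)
{
    char buf[16] = "user=";

    /* strcat(buf, name);  <- the unchecked pattern the rule flags */
    if (checked_strcat(buf, sizeof buf, "alice") != 0)
        return 1;                       /* should have fit */
    if (checked_strcat(buf, sizeof buf, "_a_very_long_suffix") == 0)
        return 2;                       /* should have been refused */
    return 0;
}

int main(void)
{
    int rc = demo();
    printf("demo result: %d\n", rc);
    return rc;
}
```

The caller decides what to do with a refused append (truncate, reject the input, log it); what matters is that the decision is made before memory is written, which is the property strcat_s adds over strcat.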
Severity Considerations
In the worst case, a buffer overrun vulnerability can provide an attacker the ability to execute arbitrary code leading to complete system compromise.