Package illustrating a test case

Test case 149047

Type: source code
Pairs: 149048-v2.0.0
State: bad
Author: PLOVER, Fortify Software, Alexander Hoole, Aurelien Delaitre
Status: candidate
Language: C
Submission Date: 23 Mar 2015

Description

A syslog is called with a user supplied format string. An attempt was made to preformat the buffer but the vulnerability remains.

Flaws

CWE-134 Use of Externally-Controlled Format String

Test Suites

C Test Suite for Source Code Analyzer v2 - Vulnerable

Have any comments on this test case? Please, send us an email.