Package illustrating a test case

Test case 149061

Type: source code
Pairs: 149062-v2.0.0
State: bad
Author: Fortify Software, Alexander Hoole, Aurelien Delaitre
Status: candidate
Language: C
Submission Date: 23 Mar 2015

Description

A syslog is called with a user supplied format string. An attempt was made to preformat the buffer but the vulnerability remains.

Flaws

CWE-134 Use of Externally-Controlled Format String

Have any comments on this test case? Please, send us an email.