Back to the previous page
Test Case ID | ![]() |
Bad / Good / Mixed | Bad![]() |
Author | IARPA STONESOUP Test and Evaluation team |
Associations | Test suite: 102 Application: 6 |
Added by | Charles Oliveira |
Language | C |
Type of test case | Source Code |
Input string | |
Expected Output | |
Instructions | See src/INSTALL file for instructions on how to install. |
Submission date | 2015-10-06 |
Description | This test case implements an sprintf that uses untrusted user input without a format string. The test case takes untrusted user input and passes it to an sprintf that does not implement a format string. This allows the user to pass format strings to the test case causing it to leak sensitive data and possibly allowing an attacker to cause a buffer overflow and inject shell code. Metadata - Base program: Tree - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE |
File(s) |
|
Flaw |
There are no comments
Have any comments on this test case? Please,
.
- color.c
- service_mon.sh
- runFifos.py
- C-C134A-CTRE-01-ST01-DT02-DF11-CF20-01.xml
- C-C134A-CTRE-01-ST01-DT02-DF11-CF20-01.yaml
File Contains:
CWE-134: Uncontrolled Format String on line(s): 541, 542, 543, 544, 545
CWE-134: Uncontrolled Format String on line(s): 541, 542, 543, 544, 545