| Title | SourceCodester Phone Contact Manager System in C++ with Source Code V1.0 Buffer Pollution |
|---|---|
| Description | The function UserInterface::MenuDisplayStart() does not properly handle user input. When a user enters mixed characters (e.g., 1qqqqq), the std::cin >> choice operation successfully parses the numeric portion (1) and leaves the remaining characters (qqqqq) in the input buffer. Subsequent calls to getline(std::cin, name) consume these leftover characters, leading to the unintended assignment of invalid data (qqqqq) to the name variable. This buffer pollution vulnerability allows invalid input to propagate through the program, causing data corruption and exposing the system to potential security risks. Immediate mitigation is recommended by implementing input validation, clearing the input buffer, and enhancing error handling. |
| Source | https://github.com/jasontimwong/CVE/issues/1 |
| User | Jason huibin wong (UID 78722) |
| Submission | 05/12/2024 05:35 PM (1 year ago) |
| Moderation | 08/12/2024 06:08 PM (3 days later) |
| Status | Accepted |
| VulDB Entry | 287273 [SourceCodester Phone Contact Manager System 1.0 User Menu MenuDisplayStart name privilege escalation] |
| Points | 20 |
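
The leftover-input behaviour in the description and the recommended validation can be reproduced on an in-memory stream. This is an added example, not code from the Phone Contact Manager project; `read_unsafe`, `read_choice` and the menu range 1..9 are assumptions made for illustration.

```cpp
#include <cctype>
#include <cerrno>
#include <cstdlib>
#include <iostream>
#include <sstream>
#include <string>
#include <utility>

// Pattern from the report: formatted extraction, then getline on the same stream.
std::pair<int, std::string> read_unsafe(std::istream& in) {
    int choice = 0;
    std::string name;
    in >> choice;            // parses "1", leaves "qqqqq\n" in the buffer
    std::getline(in, name);  // picks up the leftover instead of a fresh line
    return {choice, name};
}

// Hardened (hypothetical helper): consume the whole line and accept it only
// if it is exactly one integer in the menu range [lo, hi].
bool read_choice(std::istream& in, int lo, int hi, int& out) {
    std::string line;
    if (!std::getline(in, line)) return false;               // EOF or stream error
    if (!line.empty() && line.back() == '\r') line.pop_back();
    if (line.empty() || !std::isdigit(static_cast<unsigned char>(line[0])))
        return false;                                         // no sign, no spaces
    errno = 0;
    char* end = nullptr;
    long v = std::strtol(line.c_str(), &end, 10);
    if (errno == ERANGE || end != line.c_str() + line.size())
        return false;                                         // overflow or trailing junk
    if (v < lo || v > hi) return false;
    out = static_cast<int>(v);
    return true;
}

int main() {
    const std::string sample = "1qqqqq\nAlice\n";  // constructed input
    std::istringstream a(sample), b(sample);
    std::pair<int, std::string> u = read_unsafe(a);
    std::cout << "unsafe: choice=" << u.first << " name=\"" << u.second << "\"\n";
    int choice = 0;
    std::string name;
    bool ok = read_choice(b, 1, 9, choice);        // menu range 1..9 is assumed
    std::getline(b, name);                         // rejected line is already gone
    std::cout << "safe: accepted=" << ok << " next line=\"" << name << "\"\n";
    return 0;
}
```

Because the hardened reader always consumes a full line, a rejected entry cannot leak into the next `getline` call, so no separate buffer-clearing step is needed.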