| عنوان | SourceCodester Phone Contact Manager System V1.0 Buffer Pollution |
|---|
| الوصف | The vulnerability stems from the program’s improper handling of input buffers, leaving residual data in the buffer that pollutes subsequent logic.
When the user enters a menu option (e.g., 1kkk):
The program parses the numeric portion (1) as the menu option.
The remaining characters (kkk) are left in the input buffer.
During subsequent contact information entry logic, the program calls getline to read the Name. Instead of waiting for user input, it directly reads the residual characters kkk from the buffer.
As a result, the invalid data is incorrectly treated as legitimate contact information and stored in the system. |
|---|
| المصدر | ⚠️ https://github.com/TinkAnet/cve/blob/main/BOF2.md |
|---|
| المستخدم | Tinkanet (UID 52949) |
|---|
| ارسال | 06/12/2024 10:18 AM (1 سنة منذ) |
|---|
| الاعتدال | 08/12/2024 06:10 PM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 287275 [SourceCodester Phone Contact Manager System 1.0 ContactBook.cpp ContactBook::adding تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|