| Título | SourceCodester Phone Contact Manager System in C++ with Source Code V1.0 Buffer Pollution |
|---|
| Descripción | The function UserInterface::MenuDisplayStart() does not properly handle user input. When a user enters mixed characters (e.g., 1qqqqq), the std::cin >> choice operation successfully parses the numeric portion (1) and leaves the remaining characters (qqqqq) in the input buffer. Subsequent calls to getline(std::cin, name) consume these leftover characters, leading to the unintended assignment of invalid data (qqqqq) to the name variable.
This buffer pollution vulnerability allows invalid input to propagate through the program, causing data corruption and exposing the system to potential security risks. Immediate mitigation is recommended by implementing input validation, clearing the input buffer, and enhancing error handling. |
|---|
| Fuente | ⚠️ https://github.com/jasontimwong/CVE/issues/1 |
|---|
| Usuario | Jason huibin wong (UID 78722) |
|---|
| Sumisión | 2024-12-05 17:35 (hace 1 Año) |
|---|
| Moderación | 2024-12-08 18:08 (3 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 287273 [SourceCodester Phone Contact Manager System 1.0 User Menu MenuDisplayStart Nombre escalada de privilegios] |
|---|
| Puntos | 20 |
|---|