| Titre | SourceCodester Phone Contact Manager System in C++ with Source Code V1.0 Buffer Pollution |
|---|
| Description | The function UserInterface::MenuDisplayStart() does not properly handle user input. When a user enters mixed characters (e.g., 1qqqqq), the std::cin >> choice operation successfully parses the numeric portion (1) and leaves the remaining characters (qqqqq) in the input buffer. Subsequent calls to getline(std::cin, name) consume these leftover characters, leading to the unintended assignment of invalid data (qqqqq) to the name variable.
This buffer pollution vulnerability allows invalid input to propagate through the program, causing data corruption and exposing the system to potential security risks. Immediate mitigation is recommended by implementing input validation, clearing the input buffer, and enhancing error handling. |
|---|
| La source | ⚠️ https://github.com/jasontimwong/CVE/issues/1 |
|---|
| Utilisateur | Jason huibin wong (UID 78722) |
|---|
| Soumission | 05/12/2024 17:35 (il y a 1 Année) |
|---|
| Modérer | 08/12/2024 18:08 (3 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 287273 [SourceCodester Phone Contact Manager System 1.0 User Menu MenuDisplayStart Nom élévation de privilèges] |
|---|
| Points | 20 |
|---|