| Titolo | SourceCodester Phone Contact Manager System V1.0 Buffer Pollution |
|---|
| Descrizione | The vulnerability stems from the program’s improper handling of input buffers, leaving residual data in the buffer that pollutes subsequent logic.
When the user enters a menu option (e.g., 1kkk):
The program parses the numeric portion (1) as the menu option.
The remaining characters (kkk) are left in the input buffer.
During subsequent contact information entry logic, the program calls getline to read the Name. Instead of waiting for user input, it directly reads the residual characters kkk from the buffer.
As a result, the invalid data is incorrectly treated as legitimate contact information and stored in the system. |
|---|
| Fonte | ⚠️ https://github.com/TinkAnet/cve/blob/main/BOF2.md |
|---|
| Utente | Tinkanet (UID 52949) |
|---|
| Sottomissione | 06/12/2024 10:18 (2 anni fa) |
|---|
| Moderazione | 08/12/2024 18:10 (2 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 287275 [SourceCodester Phone Contact Manager System 1.0 ContactBook.cpp ContactBook::adding escalationi di privilegi] |
|---|
| Punti | 20 |
|---|