| タイトル | SourceCodester Phone Contact Manager System in C++ with Source Code V1.0 Buffer Pollution |
|---|
| 説明 | The function UserInterface::MenuDisplayStart() does not properly handle user input. When a user enters mixed characters (e.g., 1qqqqq), the std::cin >> choice operation successfully parses the numeric portion (1) and leaves the remaining characters (qqqqq) in the input buffer. Subsequent calls to getline(std::cin, name) consume these leftover characters, leading to the unintended assignment of invalid data (qqqqq) to the name variable.
This buffer pollution vulnerability allows invalid input to propagate through the program, causing data corruption and exposing the system to potential security risks. Immediate mitigation is recommended by implementing input validation, clearing the input buffer, and enhancing error handling. |
|---|
| ソース | ⚠️ https://github.com/jasontimwong/CVE/issues/1 |
|---|
| ユーザー | Jason huibin wong (UID 78722) |
|---|
| 送信 | 2024年12月05日 17:35 (1 年 ago) |
|---|
| モデレーション | 2024年12月08日 18:08 (3 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 287273 [SourceCodester Phone Contact Manager System 1.0 User Menu MenuDisplayStart 名前 特権昇格] |
|---|
| ポイント | 20 |
|---|