| タイトル | SourceCodester Phone Contact Manager System V1.0 Buffer Pollution |
|---|
| 説明 | The vulnerability stems from the program’s improper handling of input buffers, leaving residual data in the buffer that pollutes subsequent logic.
When the user enters a menu option (e.g., 1kkk):
The program parses the numeric portion (1) as the menu option.
The remaining characters (kkk) are left in the input buffer.
During subsequent contact information entry logic, the program calls getline to read the Name. Instead of waiting for user input, it directly reads the residual characters kkk from the buffer.
As a result, the invalid data is incorrectly treated as legitimate contact information and stored in the system. |
|---|
| ソース | ⚠️ https://github.com/TinkAnet/cve/blob/main/BOF2.md |
|---|
| ユーザー | Tinkanet (UID 52949) |
|---|
| 送信 | 2024年12月06日 10:18 (1 年 ago) |
|---|
| モデレーション | 2024年12月08日 18:10 (2 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 287275 [SourceCodester Phone Contact Manager System 1.0 ContactBook.cpp ContactBook::adding 特権昇格] |
|---|
| ポイント | 20 |
|---|