| 제목 | SourceCodester Phone Contact Manager System V1.0 Buffer Pollution |
|---|
| 설명 | The vulnerability stems from the program’s improper handling of input buffers, leaving residual data in the buffer that pollutes subsequent logic.
When the user enters a menu option (e.g., 1kkk):
The program parses the numeric portion (1) as the menu option.
The remaining characters (kkk) are left in the input buffer.
During subsequent contact information entry logic, the program calls getline to read the Name. Instead of waiting for user input, it directly reads the residual characters kkk from the buffer.
As a result, the invalid data is incorrectly treated as legitimate contact information and stored in the system. |
|---|
| 원천 | ⚠️ https://github.com/TinkAnet/cve/blob/main/BOF2.md |
|---|
| 사용자 | Tinkanet (UID 52949) |
|---|
| 제출 | 2024. 12. 06. AM 10:18 (1 년도 ago) |
|---|
| 모더레이션 | 2024. 12. 08. PM 06:10 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 287275 [SourceCodester Phone Contact Manager System 1.0 ContactBook.cpp ContactBook::adding 권한 상승] |
|---|
| 포인트들 | 20 |
|---|