| Title | SourceCodester Phone Contact Manager System V1.0 Improper Input Validation |
|---|
| Description | In the function UserInterface::MenuDisplayStart(), user input is parsed into the variable choice. When an excessively long number is entered (e.g., multiple consecutive 1s), std::cin >> choice truncates the input to the maximum value of the int type, 2147483647 (0x7FFFFFFF), without validating the input’s length or range.
Since the value of choice is not validated, the program enters an infinite while(1) loop, repeatedly displaying the main menu. This behavior prevents normal user operations and may consume excessive system resources.
Program Logic Errors:
- An excessively long input causes choice to be parsed as the maximum value of int (2147483647), leading to undefined or erroneous branch logic.
- The main loop executes indefinitely, preventing proper exit.
Resource Consumption:
- The infinite loop logic causes high CPU usage and may impact overall system performance.
User Experience Issues:
- The program does not provide feedback for invalid input and repeatedly refreshes the main menu, preventing user interaction.
This vulnerability allows excessively long inputs to bypass validation, leading to program logic errors, infinite loops, and high resource consumption. The issue significantly impacts user experience and could strain system performance. |
|---|
| Source | https://github.com/jasontimwong/CVE/issues/2 |
|---|
| User | Jason huibin wong (UID 78722) |
|---|
| Submission | 05/12/2024 18h58 (1 year ago) |
|---|
| Moderation | 08/12/2024 18h08 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 287274 [SourceCodester Phone Contact Manager System 1.0 User Menu MenuDisplayStart buffer overflow] |
|---|
| Points | 20 |
|---|
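
The behaviour described in the entry above, as an added C++ example that is not code from the Phone Contact Manager System project: `raw_extract` shows what an unchecked `std::cin >> choice` leaves behind on an over-long number, and `read_choice` is one hardened way to read a menu choice. The menu bounds 1 to 5, the function names and the sample inputs are assumptions constructed for illustration.

```cpp
#include <climits>
#include <cstddef>
#include <exception>
#include <iostream>
#include <sstream>
#include <string>

// Unchecked pattern: extraction of an over-long digit string into int stores
// INT_MAX (C++11 and later) and sets failbit on the stream.
struct RawRead { int value; bool failed; bool next_read_failed; };

RawRead raw_extract(const std::string& input) {
    std::istringstream in(input);
    int choice = 0, second = -1;
    in >> choice;
    bool failed = in.fail();
    in >> second;   // failbit never cleared, so this read fails without consuming input
    return {choice, failed, in.fail() && second == -1};
}

// Hardened form: read a whole line, parse strictly, enforce the menu range.
constexpr int kMinChoice = 1, kMaxChoice = 5;   // assumed bounds, not the project's
enum class Read { Ok, Invalid, Eof };

Read read_choice(std::istream& in, int& out) {
    std::string line;
    if (!std::getline(in, line)) return Read::Eof;
    try {
        std::size_t used = 0;
        int value = std::stoi(line, &used);               // throws on overflow or no digits
        if (used != line.size()) return Read::Invalid;    // trailing junk
        if (value < kMinChoice || value > kMaxChoice) return Read::Invalid;
        out = value;
        return Read::Ok;
    } catch (const std::exception&) {
        return Read::Invalid;
    }
}

// Menu loop skeleton: counts rejected lines, stops on a valid choice or EOF.
int count_rejected(std::istream& in, int& selected) {
    int rejected = 0;
    while (read_choice(in, selected) == Read::Invalid) ++rejected;
    return rejected;
}

int main() {
    RawRead r = raw_extract("11111111111111111111\n2\n");   // constructed input
    std::cout << r.value << ' ' << r.failed << ' ' << r.next_read_failed << '\n';
}
```

Because each rejected line is consumed whole and end of input ends the loop, a bad entry costs one iteration instead of leaving the stream in a failed state that every later read trips over.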