| 标题 | SourceCodester Phone Contact Manager System V1.0 Buffer Pollution |
|---|
| 描述 | The vulnerability stems from the program’s improper handling of input buffers, leaving residual data in the buffer that pollutes subsequent logic.
When the user enters a menu option (e.g., 1kkk):
The program parses the numeric portion (1) as the menu option.
The remaining characters (kkk) are left in the input buffer.
During subsequent contact information entry logic, the program calls getline to read the Name. Instead of waiting for user input, it directly reads the residual characters kkk from the buffer.
As a result, the invalid data is incorrectly treated as legitimate contact information and stored in the system. |
|---|
| 来源 | ⚠️ https://github.com/TinkAnet/cve/blob/main/BOF2.md |
|---|
| 用户 | Tinkanet (UID 52949) |
|---|
| 提交 | 2024-12-06 10時18分 (1 年前) |
|---|
| 管理 | 2024-12-08 18時10分 (2 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 287275 [SourceCodester Phone Contact Manager System 1.0 ContactBook.cpp ContactBook::adding 权限提升] |
|---|
| 积分 | 20 |
|---|