Use of insecure scanf-family functions prone to buffer overflow

ID

c.buffer_overflow.insecure_api_scanf_etc

Severity

critical

Resource

Buffer Overflow

Language

C / C++

Description

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer.

Rationale

The scanf family (scanf, fscanf, sscanf and their v* variants) reads a whitespace-delimited token from the input and copies it into the caller's buffer. With a bare "%s" or "%[" conversion the function has no idea how large that buffer is: it keeps writing until the input token ends. Since the token length is chosen by whoever supplies the input, an attacker can feed a token longer than the destination and overwrite whatever follows it in memory (saved return addresses and locals on the stack, or adjacent allocations on the heap), which typically yields a crash and can yield control of execution. The defect is the missing field width, not the function itself.

The following code illustrates a vulnerable pattern detected by this rule:

#include <stdio.h>

int main(void) {
    char buf[16];

    // VULNERABLE: Use of insecure scanf-family functions prone to buffer overflow
    // "%s" carries no field width, so an input token of 16 or more characters writes past buf.
    scanf("%s", buf);
    return 0;
}

Remediation

Give every "%s" and "%[" conversion a field width that is at most the buffer size minus one, so the terminating NUL always fits: for char buf[16], write scanf("%15s", buf). Keep the width and the declaration in step when either changes; a stale width reintroduces the overflow. Two caveats: a width only truncates, it does not report the truncation, and the unread remainder of the token stays in the stream where the next scanf call will pick it up, so check the next character when partial input matters. Where the format string itself is built from untrusted data, the same rule applies and the format should be made a literal. Alternatives are reading a whole line with fgets() and parsing it afterwards, the POSIX "%ms" modifier (which allocates a buffer sized to the token and must be freed), or scanf_s() where the optional Annex K bounds-checked interfaces are available.
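The following is an added example, not code from the rule page or from the analyzer it documents. It shows a bounded replacement for the flagged pattern in which the field width is derived from the destination size at runtime, so it cannot drift away from the buffer declaration, and it detects the truncation case that a plain "%15s" hides. NAME_LEN, the function names and the sample inputs are assumptions made for the example; sscanf() is used on embedded strings so the code runs offline, and the same format works unchanged with scanf() or fscanf().

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* hypothetical destination size: 15 chars plus NUL */

enum scan_result { SCAN_OK = 0, SCAN_NO_TOKEN = 1, SCAN_TRUNCATED = 2, SCAN_BAD_ARG = 3 };

/* Bounded replacement for scanf("%s", dst).
 * The width is computed from dst_len, so the caller cannot forget to
 * update a hard-coded "%15s" when the buffer changes. "%n" records how
 * many input characters were consumed, which lets us tell whether the
 * token fit or was cut short (the excess is left unread; with scanf()
 * that remainder would be consumed by the next call). */
enum scan_result scan_token_bounded(const char *input, char *dst, size_t dst_len) {
    char fmt[32];
    int consumed = 0;

    if (input == NULL || dst == NULL || dst_len < 2)
        return SCAN_BAD_ARG;

    /* Builds e.g. "%15s%n" for dst_len == 16. */
    snprintf(fmt, sizeof fmt, "%%%zus%%n", dst_len - 1);

    if (sscanf(input, fmt, dst, &consumed) != 1)
        return SCAN_NO_TOKEN;   /* empty or all-whitespace input */

    /* Character right after the consumed span: end of string or whitespace
       means the whole token fit; anything else means it was truncated. */
    if (input[consumed] != '\0' && !isspace((unsigned char)input[consumed]))
        return SCAN_TRUNCATED;

    return SCAN_OK;
}

/* Small wrappers around a fixed NAME_LEN buffer so results can be checked. */
int demo_result(const char *input) {
    char buf[NAME_LEN];
    return (int)scan_token_bounded(input, buf, sizeof buf);
}

size_t demo_token_len(const char *input) {
    char buf[NAME_LEN] = "";
    scan_token_bounded(input, buf, sizeof buf);
    return strlen(buf);
}

int main(void) {
    /* Constructed inputs, not captured data. */
    const char *samples[] = { "alice bob", "abcdefghijklmnop", "   " };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[NAME_LEN];
        enum scan_result r = scan_token_bounded(samples[i], buf, sizeof buf);
        printf("%-20s -> result %d, token \"%s\"\n", samples[i], (int)r,
               (r == SCAN_OK || r == SCAN_TRUNCATED) ? buf : "");
    }
    return 0;
}
```

Treat SCAN_TRUNCATED as an input validation failure rather than silently accepting the shortened token: an attacker who can trigger truncation can also choose what the discarded tail contains, and on a real stream that tail is what the next read will see.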

Configuration

This detector does not need any configuration.