CWE-785βUse of Path Manipulation Function without Maximum-sized Buffer
PUBLISHEDweakness record
released 2009-07-27 Β· last modified 2025-12-11
Metadata
Weakness Name
Use of Path Manipulation Function without Maximum-sized Buffer
Description
The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.
Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.