CWE-785Use of Path Manipulation Function without Maximum-sized Buffer

PUBLISHEDweakness record
released 2009-07-27 · last modified 2025-12-11

Metadata

CWE ID:
CWE-785
摘要:
Variant
结构:
Simple
状态:
Incomplete
发布日期:
2009-07-27
更新日期:
2025-12-11

名称

Use of Path Manipulation Function without Maximum-sized Buffer

描述

The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.

Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.

常见后果

范围:
Integrity, Confidentiality, Availability
影响:
Modify Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart

相关 CWE