CWE-785
Use of Path Manipulation Function without Maximum-sized Buffer
AI Translation Available
The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.
Status
incomplete
Abstraction
variant
Affected Platforms
C
C++
Extended Description
AI Translation
Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.
Technical Details
AI Translation
Common Consequences
integrity
confidentiality
availability
Impacts
modify memory
execute unauthorized code or commands
dos: crash, exit, or restart
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
Descriptions:
•
Always specify output buffers large enough to handle the maximum-size possible result from path manipulation functions.