{
"id": "c87bbaaf41ce85a34b862c09cd64f4160b34a1f135a931cc85774f3354edc97c",
"category": "sast",
"name": "Function does not handle null terminated strings properly",
"description": "The `strlen` family of functions does not handle strings that are not null\nterminated. This can lead to buffer over reads and cause the application to\ncrash by accessing unintended memory locations. It is recommended that `strnlen`\nbe used instead as a `maxlen` value can be provided.\n\nFor more information please see: https://linux.die.net/man/3/strnlen\n\nIf developing for C Runtime Library (CRT), more secure versions of these functions should be\nused, see:\nhttps://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/strnlen-strnlen-s?view=msvc-170\n",
"cve": "semgrep_id:flawfinder.strlen-1.wcslen-1._tcslen-1._mbslen-1:323:323",
"severity": "High",
"scanner": {
"id": "semgrep",
"name": "Semgrep"
},
"location": {
"file": "src/randomenv.cpp",
"start_line": 323
},
"identifiers": [
{
"type": "semgrep_id",
"name": "flawfinder.strlen-1.wcslen-1._tcslen-1._mbslen-1",
"value": "flawfinder.strlen-1.wcslen-1._tcslen-1._mbslen-1"
},
{
"type": "cwe",
"name": "CWE-126",
"value": "126",
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"type": "owasp",
"name": "A03:2021 - Injection",
"value": "A03:2021"
},
{
"type": "owasp",
"name": "A1:2017 - Injection",
"value": "A1:2017"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - strlen",
"value": "strlen"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - wcslen",
"value": "wcslen"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - _tcslen",
"value": "_tcslen"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - _mbslen",
"value": "_mbslen"
}
]
}