{
"id": "cbad46fd7c5c279fe3f487d17a0e90bcdbfea1e145d7a86d6b7b49d70dc08ecc",
"category": "sast",
"name": "Function does not check for buffer overflows when copying",
"description": "The `memcpy` family of functions require the developer to validate that the destination buffer\nis the same size or larger than the source buffer. Buffer overflows could be introduced if care\nis not taken to validate buffer sizes.\n\nIf developing for C Runtime Library (CRT), more secure versions of these functions should be\nused, see:\nhttps://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/memcpy-s-wmemcpy-s?view=msvc-170\n",
"cve": "semgrep_id:flawfinder.memcpy-1.CopyMemory-1.bcopy-1:6093:6093",
"severity": "High",
"scanner": {
"id": "semgrep",
"name": "Semgrep"
},
"location": {
"file": "src/secp256k1/src/tests.c",
"start_line": 6093
},
"identifiers": [
{
"type": "semgrep_id",
"name": "flawfinder.memcpy-1.CopyMemory-1.bcopy-1",
"value": "flawfinder.memcpy-1.CopyMemory-1.bcopy-1"
},
{
"type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"type": "owasp",
"name": "A03:2021 - Injection",
"value": "A03:2021"
},
{
"type": "owasp",
"name": "A1:2017 - Injection",
"value": "A1:2017"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - memcpy",
"value": "memcpy"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - CopyMemory",
"value": "CopyMemory"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - bcopy",
"value": "bcopy"
}
]
}