{
"id": "25bd8cd50a7e03fbf4569aad8e8d57bc359229da761738dc6ef6568da60ad00d",
"category": "sast",
"name": "sscanf() functions may allow format string based overflows",
"description": "Format specifiers can take optional field widths, which should be\nused to limit how many characters are copied into the target buffer.\n\nExample:\n```\n const char str[20] = \"AAAAAAAAAAAAAAAAAAA\";\n char buf[11] = {0};\n sscanf(str, \"%10s\", &buf); // buf = AAAAAAAAAA\\0\n```\n",
"cve": "semgrep_id:flawfinder.fscanf-1.sscanf-1.vsscanf-1.vfscanf-1._ftscanf-1.fwscanf-1.vfwscanf-1.vswscanf-1:32:32",
"severity": "High",
"scanner": {
"id": "semgrep",
"name": "Semgrep"
},
"location": {
"file": "contrib/tester-progs/exit-tester.c",
"start_line": 32
},
"identifiers": [
{
"type": "semgrep_id",
"name": "flawfinder.fscanf-1.sscanf-1.vsscanf-1.vfscanf-1._ftscanf-1.fwscanf-1.vfwscanf-1.vswscanf-1",
"value": "flawfinder.fscanf-1.sscanf-1.vsscanf-1.vfscanf-1._ftscanf-1.fwscanf-1.vfwscanf-1.vswscanf-1"
},
{
"type": "cwe",
"name": "CWE-120",
"value": "120",
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"type": "owasp",
"name": "A03:2021 - Injection",
"value": "A03:2021"
},
{
"type": "owasp",
"name": "A1:2017 - Injection",
"value": "A1:2017"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - fscanf",
"value": "fscanf"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - sscanf",
"value": "sscanf"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - vsscanf",
"value": "vsscanf"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - vfscanf",
"value": "vfscanf"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - _ftscanf",
"value": "_ftscanf"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - fwscanf",
"value": "fwscanf"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - vfwscanf",
"value": "vfwscanf"
},
{
"type": "flawfinder_func_name",
"name": "Flawfinder - vswscanf",
"value": "vswscanf"
}
]
}