...
On implementations that do not detect output-string-length overflow, it is possible to overflow the output buffers.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC33-C | High | Likely | Low | P27 | L1 |
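The overflow described above comes from `asctime()` formatting into a fixed 26-byte result and indexing its day and month name tables with unchecked `struct tm` fields. The following is an added example, not code from this page: it validates the fields and formats with a bounded `strftime()` call instead. The names `tm_is_asctime_safe`, `format_time_checked` and `make_tm` are hypothetical, and the sample dates are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Returns 1 only if every field asctime() reads keeps its name-table
 * lookups in bounds and its output within the 26-byte result buffer. */
int tm_is_asctime_safe(const struct tm *t)
{
    if (t == NULL) return 0;
    if (t->tm_wday < 0 || t->tm_wday > 6)  return 0; /* indexes day names   */
    if (t->tm_mon  < 0 || t->tm_mon  > 11) return 0; /* indexes month names */
    if (t->tm_mday < 1 || t->tm_mday > 31) return 0;
    if (t->tm_hour < 0 || t->tm_hour > 23) return 0;
    if (t->tm_min  < 0 || t->tm_min  > 59) return 0;
    if (t->tm_sec  < 0 || t->tm_sec  > 60) return 0; /* 60: leap second     */
    /* Printed year is 1900 + tm_year; a fifth digit overruns the buffer. */
    if (t->tm_year < -1900 || t->tm_year > 8099) return 0;
    return 1;
}

/* Hypothetical bounded formatter: 0 on success, -1 if the input is rejected
 * or the text does not fit. Never writes more than n bytes to out. */
int format_time_checked(const struct tm *t, char *out, size_t n)
{
    if (out == NULL || n == 0) return -1;
    out[0] = '\0';
    if (!tm_is_asctime_safe(t)) return -1;
    /* Same layout as asctime() in the "C" locale; strftime returns 0 on overflow. */
    if (strftime(out, n, "%a %b %e %H:%M:%S %Y\n", t) == 0) { out[0] = '\0'; return -1; }
    return 0;
}

/* Constructed sample input (not from the page). */
struct tm make_tm(int year, int mon, int mday, int wday)
{
    struct tm t;
    memset(&t, 0, sizeof t);
    t.tm_year = year - 1900; t.tm_mon = mon; t.tm_mday = mday; t.tm_wday = wday;
    t.tm_hour = 9; t.tm_min = 5; t.tm_sec = 3;
    return t;
}

int main(void)
{
    char buf[26];
    struct tm ok = make_tm(2018, 0, 12, 5), bad = make_tm(10000, 0, 12, 5);
    printf("%d %s", format_time_checked(&ok, buf, sizeof buf), buf);
    printf("%d\n", format_time_checked(&bad, buf, sizeof buf));
    return 0;
}
```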
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported, but no explicit checker |
| LDRA tool suite | | 44 S | Enhanced Enforcement |
| Parasoft C/C++test | | SECURITY-01 | Strict enforcement |
| Polyspace Bug Finder | R2016a | Use of obsolete standard function | Obsolete routines can cause security vulnerabilities and portability issues |
| PRQA QA-C | 9.1 | 5032 | |
| RuleChecker | | | Supported, but no explicit checker |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C Secure Coding Standard | MSC24-C. Do not use deprecated or obsolescent functions | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, asctime |
| [ISO/IEC 9899:2011] | 7.27.3.1, "The asctime Function" |
...
...