...
Using an automatic variable as an argument to putenv() may cause that variable to take on an unintended value. Depending on how and when that variable is used, this can cause unexpected program behavior, or possibly allow an attacker to run arbitrary code.
Referencing an object outside of its lifetime could result in an attacker being able to run arbitrary code.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV80-C | 3 (high) | 1 (unlikely) | 1 (high) | P3 | L3 |
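
The following C sketch is an added example, not code from the original page. It shows why an automatic variable is unsafe as a `putenv()` argument: `putenv()` keeps the caller's pointer rather than a copy, while `setenv()` copies the string. The variable name `ENV80_DEMO` and all function names are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for setenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Noncompliant: putenv() stores the pointer to buf, not a copy. Once this
 * function returns, the environment refers to dead stack memory. Shown for
 * comparison only; main() never calls it. */
int set_var_noncompliant(const char *value) {
    char buf[64];
    snprintf(buf, sizeof buf, "ENV80_DEMO=%s", value);
    return putenv(buf);
}

/* Shows the aliasing without undefined behavior by using a static buffer:
 * overwriting the buffer after putenv() silently changes the environment.
 * Returns 1 if getenv() observes the overwrite. */
int putenv_aliases_buffer(void) {
    static char buf[64];
    snprintf(buf, sizeof buf, "ENV80_DEMO=first");
    if (putenv(buf) != 0) return -1;
    snprintf(buf, sizeof buf, "ENV80_DEMO=second"); /* no putenv() call */
    const char *v = getenv("ENV80_DEMO");
    return v != NULL && strcmp(v, "second") == 0;
}

/* Compliant: setenv() copies name and value, so the automatic buffer may
 * go out of scope or be reused. Returns 1 if the value survives. */
int set_var_compliant(const char *value) {
    char buf[64];
    snprintf(buf, sizeof buf, "%s", value);
    if (setenv("ENV80_DEMO", buf, 1) != 0) return -1;
    memset(buf, 'X', sizeof buf - 1); /* simulate stack reuse */
    const char *v = getenv("ENV80_DEMO");
    return v != NULL && strcmp(v, value) == 0;
}

int main(void) {
    printf("putenv aliases buffer: %d\n", putenv_aliases_buffer());
    printf("setenv keeps its copy: %d\n", set_var_compliant("stable"));
    return 0;
}
```
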
...
[Open Group 04] The putenv() function

[ISO/IEC 9899-1999] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"

[DCL30-C. Do not refer to an object outside of its lifetime]