...
```c
static char *env = "VAR=1";
putenv(env);
```
Risk Assessment
Using an automatic variable as an argument to putenv() may cause that variable to take on an unintended value. Depending on how and when that variable is used, this can cause unexpected program behavior, or possibly allow an attacker to run arbitrary code.
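Why the storage duration of the argument matters, shown as an added example that is not code from the original page: `putenv()` keeps the caller's pointer instead of copying the string, so any later write to that memory changes the environment. The function names and the `DEMO_*` variable names are made up for this illustration, and `setenv()`, which copies its arguments, is included as a contrast.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose putenv() and setenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if a write to the buffer after putenv() is visible through
 * getenv(), i.e. the environment aliases the caller's memory.
 * The buffer is static so the demonstration itself stays well defined;
 * with an automatic buffer the same aliasing would point into a dead
 * stack frame once the function returned. */
int putenv_aliases_buffer(void) {
    static char env[32];
    snprintf(env, sizeof env, "DEMO_PUTENV=before");
    if (putenv(env) != 0)
        return -1;
    /* Overwrite the value in place (same length as "before"). */
    memcpy(env + strlen("DEMO_PUTENV="), "after!", 6);
    const char *v = getenv("DEMO_PUTENV");
    return v != NULL && strcmp(v, "after!") == 0;
}

/* Returns 1 if the environment keeps the original value after the
 * caller's automatic buffer has been overwritten. setenv() copies the
 * name and value, so an automatic variable is safe to pass here.
 * Values longer than 63 bytes are truncated and make this return 0. */
int setenv_copies_value(const char *value) {
    char local[64];
    snprintf(local, sizeof local, "%s", value);
    if (setenv("DEMO_SETENV", local, 1) != 0)
        return -1;
    /* Stand-in for the stack frame being reused by later calls. */
    memset(local, 'X', sizeof local - 1);
    local[sizeof local - 1] = '\0';
    const char *v = getenv("DEMO_SETENV");
    return v != NULL && strcmp(v, value) == 0;
}

int main(void) {
    printf("putenv aliases caller buffer: %d\n", putenv_aliases_buffer());
    printf("setenv keeps its own copy:    %d\n", setenv_copies_value("1"));
    return 0;
}
```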