Description
The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.
Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.
Windows provides a large number of utility functions that manipulate buffers containing filenames. In most cases, the result is returned in a buffer that is passed in as input. (Usually the filename is modified in place.) Most functions require the buffer to be at least MAX_PATH bytes in length, but you should check the documentation for each function individually. If the buffer is not large enough to store the result of the manipulation, a buffer overflow can occur.
Modes of Introduction:
– Implementation
Likelihood of Exploit:
Related Weaknesses
CWE-676
CWE-120
CWE-20
Consequences
Integrity, Confidentiality, Availability: Modify Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
Always specify output buffers large enough to handle the maximum-size possible result from path manipulation functions.
CVE References
