Scope: Confidentiality, Availability, Access Control / Impact: Execute Unauthorized Code or Commands; Bypass Protection Mechanism
Countermeasures and Mitigations
When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().
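An added example (not part of the original entry) showing the size accounting described above for strncpy() and strncat(), with the off-by-one form of each call noted in a comment. The helper names copy_str and append_str and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst, whose capacity dst_size includes the terminator.
 * Returns 0 on success, -1 on truncation or unusable arguments. */
int copy_str(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Off-by-one form: strncpy(dst, src, dst_size) leaves dst without a
     * terminator when strlen(src) >= dst_size. Reserve one byte instead. */
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size ? 0 : -1;
}

/* Append src to the string already held in dst.
 * Returns 0 on success, -1 on truncation or unusable arguments. */
int append_str(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                 /* dst is not terminated in its buffer */
        return -1;
    size_t used = (size_t)(end - dst);
    /* Off-by-one form: strncat(dst, src, dst_size - used). strncat's size
     * counts appended characters only; it writes '\0' in addition to them,
     * so a full append would put the terminator one byte past the buffer. */
    size_t room = dst_size - used - 1;
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

int main(void)
{
    char buf[8];                     /* constructed sample buffer */
    int rc = copy_str(buf, sizeof buf, "12345678");   /* 8 chars need 9 bytes */
    printf("copy rc=%d buf=\"%s\"\n", rc, buf);
    rc = append_str(buf, sizeof buf, "x");            /* no room left */
    printf("append rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Both helpers report truncation through the return value, so the caller can reject the input rather than continue with a shortened string.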