Rule Definition
Calling snprintf() with a format string derived from untrusted input can make an application vulnerable to format string attacks.
Format string attacks fall into three categories: denial of service, reading and writing:
Denial-of-service attacks use repeated %s format specifiers to read pointers off the stack until the program dereferences an illegal address and crashes.
Reading attacks typically use the %x format specifier to print regions of memory that would not normally be accessible.
Writing attacks use the %d, %u or %x format specifiers to overwrite the Instruction Pointer and force execution of user-supplied shellcode.
The snprintf function is called _snprintf on some platforms.
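The pattern the rule flags beside its corrected form, as an added example in C that is not part of the CAST rule text; log_message_flawed, log_message_safe, has_format_directive and the UNTRUSTED sample input are hypothetical names constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed untrusted input: a value the user controls (say, a display
 * name) that happens to contain conversion specifiers. */
static const char *UNTRUSTED = "guest %x %x %s";

/* FLAWED pattern the rule detects: the untrusted string *is* the format.
 * snprintf interprets every '%' in it and fetches variadic arguments that
 * were never passed (undefined behaviour; the crash, read and write cases
 * described above). Shown as the 'before' only and never called here. */
void log_message_flawed(char *out, size_t n, const char *msg)
{
    snprintf(out, n, msg);
}

/* Hardened form: a constant format string, with the untrusted data passed
 * as the argument to "%s" so any '%' in msg is copied literally. */
int log_message_safe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "user: %s", msg);
}

/* Audit helper: does a string that is about to be used as a format
 * argument contain any conversion directive other than a literal "%%"? */
bool has_format_directive(const char *s)
{
    for (const char *p = s; (p = strchr(p, '%')) != NULL; p++) {
        if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent */
        return true;                           /* "%x", "%s", lone '%', ... */
    }
    return false;
}

int main(void)
{
    char buf[64];
    int len = log_message_safe(buf, sizeof buf, UNTRUSTED);
    printf("%s (%d bytes)\n", buf, len);
    printf("input carries format directives: %s\n",
           has_format_directive(UNTRUSTED) ? "yes" : "no");
    return 0;
}
```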
Related Technologies
Technical Criterion
Secure Coding - API Abuse
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.