CWE-785: Use of Path Manipulation Function without Maximum-sized Buffer
The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.
Overview
Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.
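The two POSIX functions named above can be wrapped so the caller's buffer size is always enforced. The following is an added example, not code from the CWE entry; the helper names resolve_path and read_link_target are hypothetical, and it assumes a POSIX.1-2008 system where realpath() accepts NULL as its second argument and allocates the result itself.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares realpath() and readlink() */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak pattern, shown only as a comment: realpath() may write up to
 * PATH_MAX bytes, so `char out[64]; realpath(user_path, out);` can overflow. */

/* Hypothetical helper: canonicalize `in` into out[outlen]; 0 on success. */
int resolve_path(const char *in, char *out, size_t outlen)
{
    char *full = realpath(in, NULL);   /* library allocates the result */
    if (full == NULL) return -1;       /* errno set by realpath() */
    size_t need = strlen(full) + 1;
    if (need > outlen) {               /* refuse instead of overflowing */
        free(full);
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, full, need);
    free(full);
    return 0;
}

/* Hypothetical helper: read a symlink target into out[outlen]; 0 on success. */
int read_link_target(const char *linkpath, char *out, size_t outlen)
{
    ssize_t n = readlink(linkpath, out, outlen);  /* never NUL-terminates */
    if (n < 0) return -1;
    if ((size_t)n >= outlen) {         /* no room for NUL, maybe truncated */
        errno = ENAMETOOLONG;
        return -1;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[PATH_MAX];
    if (resolve_path(".", buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```

On failure the contents of the output buffer are unspecified and must not be used as a string.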
Background
Windows provides a large number of utility functions that manipulate buffers containing filenames. In most cases, the result is returned in a buffer that is passed in as input. (Usually the filename is modified in place.) Most functions require the buffer to be at least MAX_PATH bytes in length, but you should check the documentation for each function individually. If the buffer is not large enough to store the result of the manipulation, a buffer overflow can occur.
Common consequences
What can happen when CWE-785 is exploited.
Modify Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart
Affects: Integrity, Confidentiality, Availability
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages