Package: elvis-tiny
Severity: normal
X-Debbugs-Cc: kangwoos...@gmail.com

Dear Maintainer,

I found a potential buffer overflow vulnerability in main.c.

--------------------------------------------------
264         str = getenv("HOME");
265         if (str)
266         {
267                 sprintf(tmpblk.c, "%s%c%s", str, SLASH, HMEXRC);
--------------------------------------------------

At line 264, the program reads the value of 'str' from an environment variable.
Since the size of 'tmpblk.c' is fixed to 1024 and there is no range check, if a
malicious attacker puts a large string, it may cause a buffer overflow, which
leads to buggy behavior.

Thank you.

-- System Information:
Debian Release: 11.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.16.3-microsoft-standard-WSL2 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages elvis-tiny depends on:
ii  libc6      2.31-13
ii  libtinfo6  6.2+20201114-2

elvis-tiny recommends no packages.

elvis-tiny suggests no packages.
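
A bounded version of the call quoted in the report, added here as an example and not taken from the elvis-tiny source or from the reporter: it formats with snprintf and rejects a HOME value that does not fit instead of truncating it. The 1024-byte size comes from the report; the values given for SLASH and HMEXRC and the helper name build_home_exrc are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed values: the report gives only the 1024-byte size of tmpblk.c;
 * SLASH and HMEXRC here are stand-ins for the macros named in main.c. */
#define BLKSIZE 1024
#define SLASH   '/'
#define HMEXRC  ".exrc"

/* Build "<home><SLASH><HMEXRC>" in dst without writing past dstlen bytes.
 * Returns 0 on success, -1 if the input is missing or the result would not
 * fit. On failure dst holds an empty string, so a truncated path is never
 * opened by mistake. (Hypothetical helper, not an elvis function.) */
int build_home_exrc(char *dst, size_t dstlen, const char *home)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (home == NULL || home[0] == '\0')
        return -1;

    /* snprintf returns the length it wanted to write, excluding the NUL. */
    n = snprintf(dst, dstlen, "%s%c%s", home, SLASH, HMEXRC);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[BLKSIZE];

    if (build_home_exrc(path, sizeof path, getenv("HOME")) == 0)
        printf("would read startup file: %s\n", path);
    else
        fprintf(stderr, "HOME unset or too long, skipping %s\n", HMEXRC);
    return 0;
}
```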