
[CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf  #553

Closed
@ihsinme

Description

@ihsinme

Query PR

github/codeql#8246

Language

C/C++

CVE(s) ID list

CVE-2019-15900

CWE

CWE-754: Improper Check for Unusual or Exceptional Conditions

Report

  1. In undefined behavior with uninitialized arguments and no function validation.
  2. Uninitialized variables will be filled with random values. In case of an error in the function that fills these variables, the developer will continue to work with random values.
  3. Look for places without checking the results of the function, provided that the arguments were not previously initialized.
  4. Eliminate situations when there is a comparison of the values of the arguments after the call.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

https://twitter.com/ihsinme/status/1503261203262550017
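As an added illustration of the pattern the report describes (a constructed example, not code from the issue, from the CodeQL query, or from the CVE-2019-15900 codebase): a buffer size parsed out of untrusted text with `sscanf`, once with the return value ignored and once with it checked. The function names, `MAX_ITEMS`, and the sample inputs are assumptions made for this illustration.

```c
#include <stdio.h>

/* Hypothetical application limit used by the range checks below. */
#define MAX_ITEMS 1000

/* Vulnerable pattern flagged by the report: the sscanf return value is
   ignored, so when the input contains no integer `count` is never written
   and the range check compares an indeterminate value. Reading it is
   undefined behaviour in C, so this function must only ever be called
   with input that actually parses, which is exactly what cannot be
   guaranteed for untrusted input. */
long unchecked_item_bytes(const char *input) {
    int count;                           /* deliberately uninitialized */
    sscanf(input, "%d", &count);         /* result discarded: the bug */
    if (count < 0 || count > MAX_ITEMS)  /* check on a possibly unwritten value */
        return -1;
    return (long)count * (long)sizeof(int);
}

/* Hardened form: test the number of successful conversions before the
   destination is read, so a parse failure (0 or EOF) never reaches the
   range check. */
long checked_item_bytes(const char *input) {
    int count;
    if (sscanf(input, "%d", &count) != 1)  /* nothing was stored in count */
        return -1;
    if (count < 0 || count > MAX_ITEMS)
        return -1;
    return (long)count * (long)sizeof(int);
}

/* Partial-success edge case: with several conversions sscanf can return a
   value that is non-zero but still less than requested, e.g. "10 x" yields
   1 and leaves `h` untouched. Comparing against the exact number of
   conversions requested (2) is the check; "!= 0" or "== EOF" alone is not. */
long checked_area(const char *input) {
    int w, h;
    if (sscanf(input, "%d %d", &w, &h) != 2)
        return -1;
    if (w <= 0 || h <= 0 || w > MAX_ITEMS || h > MAX_ITEMS)
        return -1;
    return (long)w * (long)h;
}
```

The range check in `unchecked_item_bytes` is the "comparison of the values of the arguments after the call" that the report wants flagged: it looks like validation but runs on a variable the failed call never wrote. Note also that `%d` on a value outside the range of `int` is itself undefined behaviour in the C standard, so where the magnitude of untrusted numbers matters, `strtol` with explicit `errno` and end-pointer checks is the stricter choice.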

Metadata

    Labels

    All For One: Submissions to the All for One, One for All bounty
