A dangerous function was called without adequate protection.
Some library and API functions can execute an arbitrary command. Care should be taken to ensure that this cannot lead to a security weakness. In particular, user input should never be used to form a command that is passed to the system function.
ID | Observation | Description |
---|---|---|
1 | Call site | The place the function was called |
```c
#include <stdlib.h>

int main (int argc, char **argv)
{
    // Don't pass unchecked string to system!
    system(argv[1]);
    return 0;
}
```
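
One way to avoid the call flagged above, shown as an added example that is not part of the original page: validate the input against an allowlist, then run a fixed program with `fork` and `execv` so that no shell ever interprets the string. The helper names `is_allowed_name` and `list_file`, the `/bin/ls` path and the 64-character limit are assumptions chosen for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check (hypothetical policy): 1..64 characters from
 * [A-Za-z0-9._-], and the first character is neither '-' nor '.'. */
int is_allowed_name(const char *s)
{
    static const char ok[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t n;

    if (s == NULL || s[0] == '\0' || s[0] == '-' || s[0] == '.')
        return 0;
    n = strlen(s);
    return n <= 64 && strspn(s, ok) == n;
}

/* Runs "/bin/ls -l -- name" without a shell.
 * Returns the child's exit status, or -1 if the name is rejected, the
 * child could not be started, or it did not exit normally. */
int list_file(const char *name)
{
    pid_t pid;
    int status;

    if (!is_allowed_name(name))
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Fixed program path and options; the input is a single argv entry. */
        char *const args[] = { "ls", "-l", "--", (char *)name, NULL };
        execv("/bin/ls", args);
        _exit(127);               /* reached only if execv failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return 2;
    return list_file(argv[1]) == 0 ? 0 : 1;
}
```

Because the input reaches `ls` only as one argument after `--`, shell metacharacters in it are never interpreted, and the allowlist rejects them before any process is started.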
Copyright © 2010, Intel Corporation. All rights reserved.