Vendor: iSQL
Reported by: HaHwul
CVSS: 7.5 (HIGH)
Vulnerability Type: Buffer Overflow
CWE: 121
Product Name: iSQL
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: none
CPE: a:roselone:isql:1.0
Platforms Tested: Debian [wheezy]
Year: 2016
iSQL(RL) 1.0 – Buffer Overflow(isql_main.c)
The vulnerability is in the isql_main.c file of iSQL(RL) 1.0. The strcpy() call at line 453 copies the 'str' variable into the fixed-size 'cmd' buffer without checking its length. strcpy() copies until it reaches the terminating NUL of the source, so a 'str' that is as long as or longer than 'cmd' writes past the end of the buffer; per the CWE-121 classification above, 'cmd' is a stack buffer, so adjacent stack data is overwritten.
Mitigation:
To mitigate this vulnerability, the software should check the length of 'str' against the size of 'cmd' before copying and reject (or truncate) input that does not fit, using a bounded copy that guarantees NUL termination such as snprintf() or strlcpy() where available. Replacing strcpy() with strncpy() alone is not sufficient: strncpy() does not write a terminating NUL when the source is as long as the destination, so 'cmd' must then be terminated explicitly (cmd[sizeof cmd - 1] = '\0').
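The following is an added illustration of the unsafe pattern the advisory describes, the strncpy() pitfall, and a checked copy; it is not code from iSQL, and the buffer size CMD_SIZE, the function names and the oversized input are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed destination size; the advisory does not state the real size of cmd. */
#define CMD_SIZE 64

/* The pattern the advisory describes: strcpy() copies str up to its NUL with
 * no regard for the size of cmd, so any str of CMD_SIZE or more bytes writes
 * past the end of the buffer (CWE-121 when cmd lives on the stack).
 * Only ever called with in-bounds input below; calling it with longer input
 * is undefined behaviour. */
void copy_cmd_unsafe(char cmd[CMD_SIZE], const char *str)
{
    strcpy(cmd, str);
}

/* strncpy() alone is not a complete fix: when strlen(str) >= n it fills all
 * n bytes and leaves cmd without a terminating NUL, so the next strlen() or
 * printf() of cmd reads off the end. Returns 1 if cmd ended up unterminated. */
int strncpy_leaves_unterminated(const char *str)
{
    char cmd[CMD_SIZE];
    memset(cmd, 'X', sizeof cmd);
    strncpy(cmd, str, sizeof cmd);
    return memchr(cmd, '\0', sizeof cmd) == NULL;
}

/* Hardened form: measure, reject input that does not fit together with its
 * NUL, then copy exactly len + 1 bytes. Returns 0 on success, -1 if rejected. */
int copy_cmd_checked(char *cmd, size_t cmdsz, const char *str)
{
    size_t len = strlen(str);
    if (len >= cmdsz)
        return -1;
    memcpy(cmd, str, len + 1);
    return 0;
}

/* Constructed oversized input: n - 1 'A' bytes followed by a NUL. */
void fill_a(char *out, size_t n)
{
    memset(out, 'A', n - 1);
    out[n - 1] = '\0';
}

int main(void)
{
    char cmd[CMD_SIZE];
    char big[2 * CMD_SIZE];

    copy_cmd_unsafe(cmd, "SELECT 1;");          /* fits, so safe here */
    printf("unsafe copy of short input: %s\n", cmd);

    fill_a(big, sizeof big);
    printf("strncpy leaves cmd unterminated for %zu-byte input: %d\n",
           strlen(big), strncpy_leaves_unterminated(big));
    printf("checked copy of oversized input: %d\n",
           copy_cmd_checked(cmd, sizeof cmd, big));
    printf("checked copy of short input: %d (%s)\n",
           copy_cmd_checked(cmd, sizeof cmd, "SELECT 1;"), cmd);
    return 0;
}
```

The checked variant rejects rather than silently truncates; truncating an SQL command can change its meaning, so refusing input that does not fit is the safer default for a command buffer.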