Property
Language: c
Severity: medium
CWE: CWE-676: Use of Potentially Dangerous Function
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

‘strtok()’ modifies its input buffer in place, overwriting delimiter characters with null bytes, which can unintentionally alter or corrupt the original data. This can lead to unpredictable behavior and bugs, especially if the input buffer is reused elsewhere.

Impact

If an attacker can influence the input, they might exploit this behavior to manipulate memory or cause the application to process corrupted or unexpected data. This could result in data integrity issues, unexpected crashes, or make the application vulnerable to further attacks.
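
The buffer corruption described above, next to a read-only alternative, as an added example that is not part of the original rule page. The function names `count_fields_strtok` and `get_field` and the sample line are hypothetical; `get_field` follows the same delimiter-run semantics as `strtok()` but takes a `const` input and copies the token out with a bounds check.

```c
#include <stdio.h>
#include <string.h>

/* Destructive: strtok() overwrites each delimiter in buf with '\0'. */
size_t count_fields_strtok(char *buf, const char *delims) {
    size_t n = 0;
    for (char *t = strtok(buf, delims); t != NULL; t = strtok(NULL, delims))
        n++;
    return n;
}

/* Non-destructive: copy field number `index` (0-based) into out.
 * Returns 0 on success, -1 if the field is missing or does not fit. */
int get_field(const char *s, const char *delims, size_t index,
              char *out, size_t outsz) {
    s += strspn(s, delims);                 /* skip leading delimiters */
    while (*s != '\0') {
        size_t len = strcspn(s, delims);    /* length of current token */
        if (index == 0) {
            if (len >= outsz)
                return -1;                  /* would truncate: refuse */
            memcpy(out, s, len);
            out[len] = '\0';
            return 0;
        }
        index--;
        s += len;
        s += strspn(s, delims);             /* skip the delimiter run */
    }
    return -1;
}

int main(void) {
    char line[] = "user=alice;role=admin;ttl=60";   /* constructed sample */
    char field[16];

    if (get_field(line, ";", 1, field, sizeof field) == 0)
        printf("field 1: %s, line intact: %s\n", field, line);

    count_fields_strtok(line, ";");
    /* The first ';' is now '\0', so the string ends after the first field. */
    printf("after strtok: %s\n", line);
    return 0;
}
```

Any later code that reads `line` as a whole string after the `strtok()` pass sees only the first field, which is the data-integrity problem this rule flags.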