CVE-2021-47781: Printf Family Self Concatenation Overflow
greprules fetch cve-2021-47781-printf-family-self-concatenation-overflow --engine opengrep
Description
A printf-family function (swprintf_s/swprintf/sprintf_s/sprintf/snprintf/_snwprintf_s) is called with the destination buffer passed both as the output and as its own %s source, followed by a single attacker-influenced argument (e.g. `swprintf_s(buf, L"%s /run {%s}", buf, user_input)`). This is an unbounded self-concatenation into a fixed-size buffer with ove
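The pattern described above next to a bounded alternative, as an added example that is not code from this rule page or from the affected project. It uses narrow-character snprintf for portability; the helper names, buffer size and sample strings are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flagged shape, shown only as a comment: the destination is also the
 * first %s argument.
 *     sprintf(cmd, "%s /run {%s}", cmd, user_input);
 * ISO C makes overlapping source and destination undefined behaviour for
 * the sprintf family, and nothing here relates the length of user_input
 * to the space left in cmd. */

/* Hypothetical helper: true if p points inside buf[0..cap). */
static int starts_inside(const char *p, const char *buf, size_t cap)
{
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)buf;
    return a >= b && a - b < cap;
}

/* Hypothetical helper: append " /run {<arg>}" to the string in cmd.
 * Returns 0 on success; returns -1 and leaves cmd unchanged if cmd is not
 * terminated within cap, arg aliases cmd, or the result would not fit. */
int append_run_arg(char *cmd, size_t cap, const char *arg)
{
    const char *end = memchr(cmd, '\0', cap);
    if (end == NULL || starts_inside(arg, cmd, cap))
        return -1;

    size_t used = (size_t)(end - cmd);
    size_t room = cap - used;              /* includes the terminator */
    int n = snprintf(cmd + used, room, " /run {%s}", arg);
    if (n < 0 || (size_t)n >= room) {
        cmd[used] = '\0';                  /* roll back a truncated write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char cmd[32] = "tool.exe";             /* constructed sample values */
    int ok = append_run_arg(cmd, sizeof cmd, "job-1");
    int bad = append_run_arg(cmd, sizeof cmd, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("%d %d [%s]\n", ok, bad, cmd);
    return 0;
}
```

The helper writes only at the current end of the string and treats truncation as an error, so the caller never runs a command line that was silently cut short.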
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided