CVE-2025-9232: Strncpy Missing Null Termination Substring
Using `strncpy` to extract a substring by applying an offset and a reduced length does not null-terminate the destination buffer if the source string is at least as long as the requested length. This leaves the destination buffer without a null-terminator, leading to out-of-bounds reads or process crashes (DoS/CVE-2025-9232). Explicitly null-terminate the de
greprules fetch cve-2025-9232-strncpy-missing-null-termination-substring --engine opengrep
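The pattern the description flags, next to a hardened form, as an added example (not code from the rule or from the affected project). The function names, the buffer size and the bracketed sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: a bracketed token; we want the inner part. */
static const char SAMPLE[] = "[2001:db8::1]";

/* Flagged pattern: offset plus reduced length. When at least `len` bytes
 * remain after `off`, strncpy() copies exactly `len` bytes and adds no NUL. */
static void substr_unsafe(char *dst, const char *src, size_t off, size_t len)
{
    strncpy(dst, src + off, len);
}

/* Hardened form: validate offset and capacity, copy, then terminate.
 * Returns the number of bytes copied, or -1 if the request does not fit. */
static int substr_safe(char *dst, size_t dstsz, const char *src,
                       size_t off, size_t len)
{
    size_t srclen = strlen(src);
    if (dstsz == 0 || off > srclen || len >= dstsz)
        return -1;
    if (len > srclen - off)
        len = srclen - off;            /* clamp to what the source holds */
    memcpy(dst, src + off, len);
    dst[len] = '\0';                   /* the step the flagged code omits */
    return (int)len;
}

/* Runs one variant on a buffer pre-filled with 'X' (stand-in for stale
 * memory); returns 1 if a NUL lies inside the buffer, else 0. */
static int demo(int use_safe, char out[16])
{
    size_t inner = strlen(SAMPLE) - 2; /* drop both brackets */
    memset(out, 'X', 16);
    if (use_safe)
        substr_safe(out, 16, SAMPLE, 1, inner);
    else
        substr_unsafe(out, SAMPLE, 1, inner);
    return memchr(out, '\0', 16) != NULL;
}

int main(void)
{
    char out[16];
    printf("unsafe terminated: %d\n", demo(0, out));
    printf("safe terminated:   %d (%s)\n", demo(1, out), out);
    return 0;
}
```

With the unsafe variant, any later `strlen` or `%s` on the buffer reads past the copied bytes until it happens to find a zero byte, which is the out-of-bounds read the description refers to.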