Security vulnerabilities and automated fixes for command line injection issues
1 post found
A critical buffer overflow vulnerability was discovered in `spdm_emu/spdm_emu_common/spdm_emu.c` at line 638, where an unbounded `strcpy()` call copied a user-supplied command-line argument directly into the fixed-size buffer `m_ip_address_string` without any length validation. An attacker able to invoke the `spdm_emu` binary with an oversized argument could corrupt adjacent memory and potentially achieve arbitrary code execution. The fix replaces the unsafe `strcpy()` with a bounded `strncpy()`