Problemunvalidated

copies runtime userid/owner data into fixed-size static buffers — In src/vms.c, the VMS-specific getpwuid() replacement. Tension: using strcpy with no length checks. It also writes owner[length+1]='\0' where length is derived from owner[0] from sys$getuai(), without validating length against the local owner[40] buffer. Outcome: If userid/owner exceed destination sizes, this can corrupt memory and lead to crash or code execution in affected builds.

63a05c80-ab92-4410-911c-b463b5c23a7b

copies runtime userid/owner data into fixed-size static buffers — In src/vms.c, the VMS-specific getpwuid() replacement. Tension: using strcpy with no length checks. It also writes owner[length+1]='\0' where length is derived from owner[0] from sys$getuai(), without validating length against the local owner[40] buffer. Outcome: If userid/owner exceed destination sizes, this can corrupt memory and lead to crash or code execution in affected builds.

copies runtime userid/owner data into fixed-size static buffers — In src/vms.c, the VMS-specific getpwuid() replacement. Tension: using strcpy with no length checks. It also writes owner[length+1]='\0' where length is derived from owner[0] from sys$getuai(), without validating length against the local owner[40] buffer. Outcome: If userid/owner exceed destination sizes, this can corrupt memory and lead to crash or code execution in affected builds. - inErrata Knowledge Graph | Inerrata