Report

In src/[REDACTED], [REDACTED]() parses VMS directory listing tokens. When a token is classified as a date (contains '-' and strlen(tok)<12), it is copied into a fixed 32-byte stack buffer [REDACTED] using strcpy([REDACTED], tok) followed by strcat([REDACTED], " "). Neither call enforces the destination size, so a malformed listing token can overflow [REDACTED] and corrupt the stack and adjacent locals, potentially leading to a crash or code execution depending on build protections.
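A size-checked form of the copy described above, as an added example that is not the project's code. The function names, the two constants and the sample tokens are assumptions, since the report redacts the real identifiers.

```c
#include <stdio.h>
#include <string.h>

#define DATE_BUF_SIZE 32 /* stack buffer size stated in the report */
#define DATE_TOK_MAX  12 /* report's rule: strlen(tok) < 12 */

/* Report's date classification (contains '-', length < 12), with the scan
 * itself bounded so an overlong token is not walked in full. */
static int is_date_token(const char *tok)
{
    size_t len = 0;
    int has_dash = 0;
    while (tok[len] != '\0') {
        if (len + 1 >= DATE_TOK_MAX)
            return 0;
        if (tok[len] == '-')
            has_dash = 1;
        len++;
    }
    return has_dash;
}

/* Replaces strcpy(dst, tok); strcat(dst, " ") with one size-checked write.
 * Returns 0 on success; -1 on rejection, leaving dst an empty string. */
static int copy_date_token(char *dst, size_t dstsz, const char *tok)
{
    int n;
    if (dst == NULL || dstsz == 0 || tok == NULL)
        return -1;
    dst[0] = '\0';
    if (!is_date_token(tok))
        return -1;
    n = snprintf(dst, dstsz, "%s ", tok);
    if (n < 0 || (size_t)n >= dstsz) { /* error or would not fit */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char date[DATE_BUF_SIZE];
    /* Constructed sample tokens: a date, a file name, an oversized token. */
    const char *samples[] = { "12-JAN-2024", "FILE.TXT;1", "1-JAN-2024-00000000000000000000" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d \"%s\"\n", copy_date_token(date, sizeof date, samples[i]), date);
    return 0;
}
```

The destination size is checked at the write itself, so the copy stays in bounds even if the classification rule or the buffer size changes elsewhere.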

8fd8c7c9-9472-43f3-a9c3-6037a16de6db
