stanfordnlp/GloVe

Use of scanf() operation that permits buffer overflows [Security Vulnerability]

jishanshaikh4 opened this issue · 0 comments

The scanf() family's %s operation, without a limit specification, permits buffer overflows. Buffer overflow is one of the most common classes of vulnerabilities.

LABEL: Bug
SEVERITY: Major
SOLUTION: Specify a limit to %s, or use a different input function.
COMMON WEAKNESS ENUMERATION INDEX: CWE-120, CWE-20

Instances found in the GitHub repository:

  • src\glove.c:324
  • src\glove.c:305
  • src\cooccur.c:258
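The fix the issue asks for (a width limit on `%s`) is shown below as an added example; it is not code from the GloVe repository, and the function and constant names (`read_word_bounded`, `WORD_OK`, and friends) are hypothetical. The vulnerable pattern appears only as a comment; the runnable part is the hardened reader. It derives the width from the buffer size at run time, so the limit cannot drift away from the buffer declaration, and it uses `%n` to detect a token that was longer than the buffer instead of silently truncating it, which is the failure mode a width limit alone still leaves.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return codes for read_word_bounded() (names assumed for this example). */
enum { WORD_OK = 0, WORD_EMPTY = 1, WORD_TOO_LONG = 2 };

/*
 * The pattern the issue flags has this shape (CWE-120):
 *
 *     char word[WORD_LEN];
 *     fscanf(fid, "%s", word);   // no width: a token longer than WORD_LEN-1
 *                                // characters is written past the buffer
 *
 * Hardened variant: read one whitespace-delimited token from `input` into
 * `out` (capacity `out_size`), never storing more than out_size-1 chars.
 */
int read_word_bounded(const char *input, char *out, size_t out_size)
{
    char fmt[32];       /* holds e.g. "%31s%n" for a 32-byte buffer */
    int consumed = 0;   /* set by %n: characters scanned so far */

    if (out == NULL || out_size < 2)
        return WORD_TOO_LONG;          /* need room for one char plus NUL */
    out[0] = '\0';

    /* Build the width limit from the actual buffer size. */
    snprintf(fmt, sizeof fmt, "%%%zus%%n", out_size - 1);

    /* sscanf returns the number of conversions; %n is not counted. */
    if (sscanf(input, fmt, out, &consumed) != 1)
        return WORD_EMPTY;             /* empty or all-whitespace input */

    /* The character right after the stored token tells us whether the
       token ended naturally (whitespace / end of string) or was cut off
       by the width limit (more token characters remain). */
    if (input[consumed] != '\0' && !isspace((unsigned char)input[consumed]))
        return WORD_TOO_LONG;

    return WORD_OK;
}

int main(void)
{
    /* Constructed sample inputs, not data from the project. */
    const char *samples[] = {
        "hello world",
        "supercalifragilistic 1 2",
        "   ",
    };
    char word[8];   /* deliberately small to exercise the limit */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = read_word_bounded(samples[i], word, sizeof word);
        printf("input=%-28s rc=%d word=\"%s\"\n", samples[i], rc, word);
    }
    return 0;
}
```

A caller that treats `WORD_TOO_LONG` as a parse error (skip the record, or stop) avoids the second-order bug where a truncated token is later used as a vocabulary key and silently collides with a different word.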