316 – Improper resource allocation - Buffer overflow

Description

Within the code there are unsafe statements that can affect the performance and response time of the application. See https://rules.sonarsource.com/java/RSPEC-1149?search=stringbuffer for more information.

Impact

Affect application performance.

Recommendation

Use the libraries that allow to execute the functions of concatenation and storage in collections in an optimized way (ArrayList and StringBuilder or SyncronizedList).

Threat

Attacker with access to the application.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: H
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): N
• Availability (VA): L
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 072 - Set maximum response time
• 158 - Use a secure programming language
• 164 - Use optimized structures
• 173 - Discard unsafe inputs

Fixes

• Csharp

Last updated

2024/02/19