rspec/rules/S1081/impact.adoc

=== What is the potential impact?

==== Code execution

In some cases, an attacker can craft input in a way that allows them to gain unauthorized access to your system. For example, they might be able to overwrite a function's return address in memory, causing your program to execute code of the attacker's choosing. This could potentially give the attacker full control over your system.

==== Denial of service

If an attacker can trigger a buffer overflow by providing oversized input, it can cause the program to crash. If the attacker repeats this process, it can continually disrupt the service, denying access to other users. This can be particularly damaging for services that require high availability, such as online platforms or databases.

In some cases, the input might cause the program to enter an infinite loop or consume excessive memory, slowing down the system or even causing it to become unresponsive. This type of attack is known as a resource exhaustion DoS attack.
Modify rule S1081: Change text to education framework format (APPSEC-1210) (#3341) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com> 2023-10-25 13:43:01 +02:00			`=== What is the potential impact?`

			`==== Code execution`

			`In some cases, an attacker can craft input in a way that allows them to gain unauthorized access to your system. For example, they might be able to overwrite a function's return address in memory, causing your program to execute code of the attacker's choosing. This could potentially give the attacker full control over your system.`

			`==== Denial of service`

			`If an attacker can trigger a buffer overflow by providing oversized input, it can cause the program to crash. If the attacker repeats this process, it can continually disrupt the service, denying access to other users. This can be particularly damaging for services that require high availability, such as online platforms or databases.`

			`In some cases, the input might cause the program to enter an infinite loop or consume excessive memory, slowing down the system or even causing it to become unresponsive. This type of attack is known as a resource exhaustion DoS attack.`