Characterizing Buffer Overflow Vulnerabilities in Large C/C++ Projects
Security vulnerabilities are present in most software systems, especially in projects with a large codebase, with several versions over the years, developed by many developers. Issues with memory management, in particular buffer overflow, are among the most frequently exploited vulnerabilities in so...
Gespeichert in:
| Veröffentlicht in: | IEEE access Jg. 9; S. 142879 - 142892 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Journal Article |
| Sprache: | Englisch |
| Veröffentlicht: |
Piscataway
IEEE
2021
The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Schlagworte: | |
| ISSN: | 2169-3536, 2169-3536 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Security vulnerabilities are present in most software systems, especially in projects with a large codebase, with several versions over the years, developed by many developers. Issues with memory management, in particular buffer overflow, are among the most frequently exploited vulnerabilities in software systems developed in C/C++. Nevertheless, most buffer overflow vulnerabilities are not detectable by vulnerability detection tools and static analysis tools (SATs). To improve vulnerability detection, we need to better understand the characteristics of such vulnerabilities and their root causes. In this study, we analyze 159 vulnerable code units from three representative projects (i.e., Linux Kernel, Mozilla, and Xen). First, the vulnerable code is characterized using the Orthogonal Defect Classification (ODC), showing that most buffer overflow vulnerabilities are related to missing or incorrect checking (e.g., missing if construct around statement or incorrect logical expression used as branch condition). Then, we run two widely used C/C++ Static Analysis Tools (SATs) (i.e., CppCheck and Flawfinder) on the vulnerable and neutral (after the vulnerability fix) versions of each code unit, showing the low effectiveness of this type of tool in detecting buffer overflow vulnerabilities. Finally, we characterize the vulnerable and neutral versions of each code unit using software metrics, demonstrating that, although such metrics are frequently used as indicators of software quality, there is no clear correlation between them and the existence of buffer overflow in the code. As a result, we highlight a set of observations that should be considered to improve the detection of buffer overflow vulnerabilities. |
|---|---|
| AbstractList | Security vulnerabilities are present in most software systems, especially in projects with a large codebase, with several versions over the years, developed by many developers. Issues with memory management, in particular buffer overflow, are among the most frequently exploited vulnerabilities in software systems developed in C/C++. Nevertheless, most buffer overflow vulnerabilities are not detectable by vulnerability detection tools and static analysis tools (SATs). To improve vulnerability detection, we need to better understand the characteristics of such vulnerabilities and their root causes. In this study, we analyze 159 vulnerable code units from three representative projects (i.e., Linux Kernel, Mozilla, and Xen). First, the vulnerable code is characterized using the Orthogonal Defect Classification (ODC), showing that most buffer overflow vulnerabilities are related to missing or incorrect checking (e.g., missing if construct around statement or incorrect logical expression used as branch condition). Then, we run two widely used C/C++ Static Analysis Tools (SATs) (i.e., CppCheck and Flawfinder) on the vulnerable and neutral (after the vulnerability fix) versions of each code unit, showing the low effectiveness of this type of tool in detecting buffer overflow vulnerabilities. Finally, we characterize the vulnerable and neutral versions of each code unit using software metrics, demonstrating that, although such metrics are frequently used as indicators of software quality, there is no clear correlation between them and the existence of buffer overflow in the code. As a result, we highlight a set of observations that should be considered to improve the detection of buffer overflow vulnerabilities. |
| Author | Ivaki, Naghmeh Pereira, Jose D'Abruzzo Vieira, Marco |
| Author_xml | – sequence: 1 givenname: Jose D'Abruzzo orcidid: 0000-0003-0717-3396 surname: Pereira fullname: Pereira, Jose D'Abruzzo email: josep@dei.uc.pt organization: Centre for Informatics and Systems of the University of Coimbra, Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal – sequence: 2 givenname: Naghmeh orcidid: 0000-0001-8376-6711 surname: Ivaki fullname: Ivaki, Naghmeh organization: Centre for Informatics and Systems of the University of Coimbra, Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal – sequence: 3 givenname: Marco orcidid: 0000-0001-5103-8541 surname: Vieira fullname: Vieira, Marco organization: Centre for Informatics and Systems of the University of Coimbra, Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal |
| BookMark | eNp9kU1LxDAQhoMouK7-Ai8Fj8uu-WiS5rgWv2BBwY9rSJPJmqU2a9pV9NdbrYp4MJcJwzzvDDx7aLuJDSB0SPCMEKyO52V5enMzo5iSGSMUs1xtoRElQk0ZZ2L7138XHbTtCvev6FtcjtBZ-WCSsR2k8BaaZXay8R5SdvUMydfxJbvf1A0kU4U6dAHaLDTZwqQlZOVxOZlk1ymuwHbtPtrxpm7h4KuO0d3Z6W15MV1cnV-W88XUMsrUlHisrMMcM6YIlnlVFDbnijIiaCGx9ExU2AnJC89BiEIQ70RujXDWeSMrNkaXQ66LZqXXKTya9KqjCfqzEdNSm9QFW4PGnHBnaWWl53leceWckr7fCRWTkkKfdTRkrVN82kDb6VXcpKY_X1NeCK6wwnk_pYYpm2LbJvDahs50ITZdMqHWBOsPC3qwoD8s6C8LPcv-sN8X_08dDlQAgB-ityWwyNk7Wa2Spw |
| CODEN | IAECCG |
| CitedBy_id | crossref_primary_10_1016_j_cose_2022_102948 crossref_primary_10_3390_electronics14132703 crossref_primary_10_3390_electronics13234817 |
| Cites_doi | 10.1109/MINES.2012.202 10.1007/s11859-019-1380-z 10.1109/32.177364 10.1109/SP.2006.29 10.1109/ICSE.2013.6606613 10.1109/TSE.2006.38 10.2307/2529310 10.1109/MSP.2005.23 10.1109/ISSRE.2017.11 10.1007/s10664-011-9190-8 10.1109/DSN.2006.72 10.1109/ISSRE.2014.32 10.3390/s21072329 10.1109/ISSREW.2015.7392027 10.14722/ndss.2018.23158 10.1109/EDCC.2016.34 10.1145/1370788.1370793 10.1145/3377811.3380923 10.1177/001316446002000104 10.1007/s10664-017-9541-1 10.1109/MSP.2004.111 10.1109/TSE.2010.81 10.1109/ACCESS.2020.3041181 10.1016/j.infsof.2021.106614 10.1016/j.future.2019.09.009 10.1109/ICMLA.2018.00120 10.1109/LADC.2016.32 10.1109/TSE.1981.231113 10.1007/978-81-322-2268-2_59 10.1109/SYNASC.2017.00035 |
| ContentType | Journal Article |
| Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2021 |
| Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2021 |
| DBID | 97E ESBDL RIA RIE AAYXX CITATION 7SC 7SP 7SR 8BQ 8FD JG9 JQ2 L7M L~C L~D DOA |
| DOI | 10.1109/ACCESS.2021.3120349 |
| DatabaseName | IEEE Xplore (IEEE) IEEE Xplore Open Access Journals IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Electronic Library (IEL) CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Engineered Materials Abstracts METADEX Technology Research Database Materials Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional DOAJ Directory of Open Access Journals |
| DatabaseTitle | CrossRef Materials Research Database Engineered Materials Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace METADEX Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Materials Research Database |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website – sequence: 2 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 2169-3536 |
| EndPage | 142892 |
| ExternalDocumentID | oai_doaj_org_article_0515dc2bc7f544b59dd97f74beb3772e 10_1109_ACCESS_2021_3120349 9576064 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: Project “AIDA—Adaptive, Intelligent and Distributed Assurance Platform” co-financed by the European Regional Development Fund (ERDF) and COMPETE 2020 grantid: POCI-01-0247-FEDER-045907 funderid: 10.13039/501100001871 – fundername: FCT under Carnegie Mellon University (CMU) Portugal funderid: 10.13039/100008047 – fundername: Project METRICS through FCT grantid: POCI-01-0145-FEDER-032504 funderid: 10.13039/501100001871 – fundername: Portuguese Foundation for Science and Technology (FCT) grantid: 2020.04503.BD |
| GroupedDBID | 0R~ 4.4 5VS 6IK 97E AAJGR ABAZT ABVLG ACGFS ADBBV AGSQL ALMA_UNASSIGNED_HOLDINGS BCNDV BEFXN BFFAM BGNUA BKEBE BPEOZ EBS EJD ESBDL GROUPED_DOAJ IPLJI JAVBF KQ8 M43 M~E O9- OCL OK1 RIA RIE RNS AAYXX CITATION 7SC 7SP 7SR 8BQ 8FD JG9 JQ2 L7M L~C L~D |
| ID | FETCH-LOGICAL-c3239-1f09cd0503391074b88c459231628707f36b0d6758f5e66861fd64ca6dcdfa7b3 |
| IEDL.DBID | RIE |
| ISSN | 2169-3536 |
| IngestDate | Fri Oct 03 12:43:28 EDT 2025 Mon Jun 30 06:13:20 EDT 2025 Sat Nov 29 06:31:39 EST 2025 Tue Nov 18 21:08:02 EST 2025 Wed Aug 27 02:28:58 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Language | English |
| License | https://creativecommons.org/licenses/by/4.0/legalcode |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c3239-1f09cd0503391074b88c459231628707f36b0d6758f5e66861fd64ca6dcdfa7b3 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| ORCID | 0000-0001-8376-6711 0000-0001-5103-8541 0000-0003-0717-3396 |
| OpenAccessLink | https://ieeexplore.ieee.org/document/9576064 |
| PQID | 2586590904 |
| PQPubID | 4845423 |
| PageCount | 14 |
| ParticipantIDs | proquest_journals_2586590904 crossref_primary_10_1109_ACCESS_2021_3120349 doaj_primary_oai_doaj_org_article_0515dc2bc7f544b59dd97f74beb3772e ieee_primary_9576064 crossref_citationtrail_10_1109_ACCESS_2021_3120349 |
| PublicationCentury | 2000 |
| PublicationDate | 20210000 2021-00-00 20210101 2021-01-01 |
| PublicationDateYYYYMMDD | 2021-01-01 |
| PublicationDate_xml | – year: 2021 text: 20210000 |
| PublicationDecade | 2020 |
| PublicationPlace | Piscataway |
| PublicationPlace_xml | – name: Piscataway |
| PublicationTitle | IEEE access |
| PublicationTitleAbbrev | Access |
| PublicationYear | 2021 |
| Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| References | (ref23) 2021 ref13 ref56 ref12 watson (ref31) 1996 ref14 campbell (ref27) 2013 ref55 ref11 ref54 ref10 ref17 ref16 ref51 gosain (ref30) 2015 ref50 shostack (ref37) 2014 ref46 ref45 (ref19) 2021 kratkiewicz (ref15) 2005 ref47 chess (ref8) 2007 ref43 (ref1) 2018 kresowaty (ref24) 2008 turpin (ref5) 2010 (ref18) 2006 ref9 ref35 (ref4) 2021 ref34 ref36 van der stock (ref53) 2017 jia (ref41) 2017 (ref28) 2021 al-boghdady (ref52) 2021; 21 ref33 ref32 (ref44) 2011 ref39 ref38 (ref40) 2005 marjamäki (ref48) 2019 jaffee (ref2) 2020 haller (ref42) 2013 boehm (ref7) 1981 freitez (ref29) 2009 ref25 ref20 ref22 ref21 wheeler (ref49) 2019 (ref26) 2021 (ref6) 2021 zurier (ref3) 2021 |
| References_xml | – ident: ref20 doi: 10.1109/MINES.2012.202 – ident: ref51 doi: 10.1007/s11859-019-1380-z – ident: ref45 doi: 10.1109/32.177364 – ident: ref25 doi: 10.1109/SP.2006.29 – ident: ref13 doi: 10.1109/ICSE.2013.6606613 – ident: ref38 doi: 10.1109/TSE.2006.38 – ident: ref47 doi: 10.2307/2529310 – year: 2020 ident: ref2 publication-title: COVID-19 Accounts For Most 2020 Cyberattacks – ident: ref21 doi: 10.1109/MSP.2005.23 – ident: ref12 doi: 10.1109/ISSRE.2017.11 – year: 1996 ident: ref31 article-title: Structured testing: A testing methodology using the cyclomatic complexity metric – start-page: 1 year: 2009 ident: ref29 article-title: Software vulnerabilities, prevention and detection methods: A review publication-title: SEC-MDA Security in Model Driven Architecture – ident: ref55 doi: 10.1007/s10664-011-9190-8 – ident: ref17 doi: 10.1109/DSN.2006.72 – ident: ref9 doi: 10.1109/ISSRE.2014.32 – year: 2019 ident: ref48 publication-title: Cppcheck-A Tool for Static C/C++ Code Analysis 2007 – year: 2006 ident: ref18 publication-title: CWE-119 Improper Restriction of Operations With in the Bounds of a Memory Buffer – year: 2021 ident: ref28 publication-title: Coverity static application security testing – volume: 21 start-page: 2329 year: 2021 ident: ref52 article-title: The presence, trends, and causes of security vulnerabilities in operating systems of IoT's low-end devices publication-title: SENSORS doi: 10.3390/s21072329 – year: 2021 ident: ref6 publication-title: The SEI CERT C++ Coding Standard – year: 2021 ident: ref26 publication-title: Parasoft CPPTest-C/C++ Static Code Analysis – year: 2021 ident: ref4 publication-title: What are the Most Secure Programming Languages? – ident: ref33 doi: 10.1109/ISSREW.2015.7392027 – ident: ref39 doi: 10.14722/ndss.2018.23158 – ident: ref35 doi: 10.1109/EDCC.2016.34 – year: 2021 ident: ref3 publication-title: Security Spending Will Top 40% in Most 2021 IT Budgets – ident: ref16 doi: 10.1145/1370788.1370793 – year: 2021 ident: ref23 publication-title: SpotBugs – start-page: 19 year: 2005 ident: ref15 article-title: Using a diagnostic corpus of C programs to evaluate buffer overflow detection by static analysis tools publication-title: Proc Workshop Eval Softw Defect Detection Tools – start-page: 989 year: 2017 ident: ref41 article-title: Towards efficient heap overflow discovery publication-title: Proc 26th USENIX Secur Symp (USENIX Secur ) – ident: ref43 doi: 10.1145/3377811.3380923 – ident: ref46 doi: 10.1177/001316446002000104 – ident: ref36 doi: 10.1007/s10664-017-9541-1 – year: 2021 ident: ref19 publication-title: Common Weakness Enumeration – ident: ref22 doi: 10.1109/MSP.2004.111 – ident: ref10 doi: 10.1109/TSE.2010.81 – ident: ref14 doi: 10.1109/ACCESS.2020.3041181 – year: 2014 ident: ref37 publication-title: Threat Modeling Designing for Security – start-page: 49 year: 2013 ident: ref42 article-title: Dowsing for overflows: A guided fuzzer to find buffer boundary violations publication-title: Proc 22nd USENIX Secur Symp (USENIX Secur ) – year: 1981 ident: ref7 publication-title: Software Engineering Economics – ident: ref34 doi: 10.1016/j.infsof.2021.106614 – year: 2011 ident: ref44 publication-title: SciTools Understand-Metrics – year: 2017 ident: ref53 publication-title: OWASP Top 10-2017-The Ten Most Critical Web Application Security Risks – ident: ref56 doi: 10.1016/j.future.2019.09.009 – year: 2018 ident: ref1 publication-title: Information Technology-Security Techniques-Information Security Management Systems-Overview and Vocabulary – ident: ref50 doi: 10.1109/ICMLA.2018.00120 – year: 2005 ident: ref40 publication-title: National Vulnerability Database – year: 2013 ident: ref27 publication-title: SonarQube in Action – ident: ref11 doi: 10.1109/LADC.2016.32 – year: 2010 ident: ref5 publication-title: OWASP Secure Coding Practices-Quick Reference Guide-OWASP – year: 2007 ident: ref8 publication-title: Secure Programming with Static Analysis – ident: ref54 doi: 10.1109/TSE.1981.231113 – year: 2019 ident: ref49 publication-title: Flawfinder 2001 – start-page: 581 year: 2015 ident: ref30 article-title: Static analysis: A survey of techniques and tools publication-title: Intelligent Computing and Applications doi: 10.1007/978-81-322-2268-2_59 – ident: ref32 doi: 10.1109/SYNASC.2017.00035 – year: 2008 ident: ref24 article-title: FxCop and code analysis: Writing your own custom rules |
| SSID | ssj0000816957 |
| Score | 2.2970326 |
| Snippet | Security vulnerabilities are present in most software systems, especially in projects with a large codebase, with several versions over the years, developed by... |
| SourceID | doaj proquest crossref ieee |
| SourceType | Open Website Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 142879 |
| SubjectTerms | buffer overflow Buffers C plus plus C++ (programming language) Codes Memory management orthogonal defect classification (ODC) Overflow Security Software Software metrics Software security Software systems Static analysis static code analysis Vulnerability vulnerability detection |
| SummonAdditionalLinks | – databaseName: DOAJ Directory of Open Access Journals dbid: DOA link: http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV1LSwMxEA5SPOhB1CpWq-TgrS7dRzabHNvF4kFqDyq9hTyhULbSh4K_3szudqkIevEaZh-ZmU3myw7fh9CtIZEzRLKAaaoDEkkXKBWZQHIrid8wDdeV2EQ2HrPplE92pL6gJ6yiB64c1wcNEqNjpTOXEqJSbgzPXEaUR4G-MrSw-vqqZwdMlWswiyhPs5pmKAp5f5DnfkYeEMaRx6kx0LJ824pKxv5aYuXHulxuNqNjdFRXiXhQvd0J2rPFKTrc4Q5so1HeUC1_-gE83IDSCX7yqenmiw_8upkDoXTZ--rRMJ4V-BG6vnHez3s9PKlOYFZn6GV0_5w_BLUoQqCTOOFB5EKuDbC4JByaKRVjmqRQplH4Z5m5hKrQAAxwqaWUUR8LSrSkRhsnM5Wco1axKOwFwkora6wlMmHSWxgpSUKUsWHqpIdpWQfFW_8IXTOGg3DFXJTIIeSicqoAp4raqR1011z0VhFm_G4-BMc3psB2XQ74HBB1Doi_cqCD2hC25iY-8h6XkQ7qbsMo6i9zJeKU0ZSHPCSX__HoK3QA06kOZbqotV5u7DXa1-_r2Wp5UyblF9Ba4tU priority: 102 providerName: Directory of Open Access Journals |
| Title | Characterizing Buffer Overflow Vulnerabilities in Large C/C++ Projects |
| URI | https://ieeexplore.ieee.org/document/9576064 https://www.proquest.com/docview/2586590904 https://doaj.org/article/0515dc2bc7f544b59dd97f74beb3772e |
| Volume | 9 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVAON databaseName: DOAJ Directory of Open Access Journals customDbUrl: eissn: 2169-3536 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0000816957 issn: 2169-3536 databaseCode: DOA dateStart: 20130101 isFulltext: true titleUrlDefault: https://www.doaj.org/ providerName: Directory of Open Access Journals – providerCode: PRVHPJ databaseName: ROAD: Directory of Open Access Scholarly Resources customDbUrl: eissn: 2169-3536 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0000816957 issn: 2169-3536 databaseCode: M~E dateStart: 20130101 isFulltext: true titleUrlDefault: https://road.issn.org providerName: ISSN International Centre |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PTxQxFH4B4kEPKqJhFUgP3mDc-dFpp0eYsPEgyEEIt6Y_E5LNLmFZTDz4t_tep0w0GhIvk0mnnbTztdN-r6_fA_joeRU9N13ROeEKXplYWFv5wqhgOE6YXrkh2IQ8P--ur9XFBhyNZ2FCCMn5LHyi27SX75duTaayqcLFMU6hm7AppRzOao32FAoggc-zsFBVqulx32MbkALWFTLTmoRY_ph8kkZ_Dqry1584TS-zV_9XsdfwMi8j2fGA-zZshMUbePGbuOAOzPpRi_kHJrCTNYVCYV-x78b58ju7Ws9JcTo5xyJdZjcL9oXcwlk_7Q8P2cVgolm9hcvZ6bf-c5GjJhSuqRtVVLFUzpPMS6PI29J2neMtreMEbWrK2AhbeuIJsQ1CdALBEtwZ4Z2PRtrmHWwtlouwC8w6G3wI3DSdwRzeGN5w60PZRoM8Tk6gfvyc2mVJcYpsMdeJWpRKDxhowkBnDCZwNBa6HRQ1ns5-QjiNWUkOOyUgADqPLk2BaryrrZOx5dy2ynslI7Y92AbpQ5jADoE2viTjNYG9R9R1HrorXbedaFWpSv7-36U-wHOq4GCH2YOt-7t12Idn7uH-ZnV3kEg9Xs9-nh6kHvoLB0HhmQ |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LT9wwEB4BrUQ59AFUXaDUh94gbB6OEx8h6oqK7ZYDrbhZfkorrXYrlm0lfj0ziYmoipB6i6xxZOcbZzzj8TcAnx3PguO6TmorbMIzHRJjMpdo6TVHg-mk7YpNVJNJfX0tL9fguL8L471vk8_8CT22Z_luYVcUKhtK3ByjCV2HFyXnedbd1uojKlRCAiUitVCWyuFp0-As0AnMM_RNc6Ji-cv8tCz9sazKP__i1sCM3vzf0N7C67iRZKcd8u9gzc-3YesRveAOjJqejfkOG9jZioqhsO-ovWG2-MN-rmbEOd2mx6LDzKZzNqbEcNYMm6MjdtkFaZa78GP05ao5T2LdhMQWeSGTLKTSOiJ6KSTlW5q6tryknZygY80qFMKkjjyFUHohaoFwCW61cNYFXZniPWzMF3P_AZixxjvvuS5qjRJOa15w43xaBo2eXDWA_OFzKhtJxam2xUy1zkUqVYeBIgxUxGAAx32nXx2nxvPiZ4RTL0qE2G0DAqDi-lJUqsbZ3NgqoG6YUjonq4Bz96ZAB8IPYIdA618S8RrAwQPqKi7epcrLWpQylSnfe7rXJ9g8v_o2VuOvk4t9eEWD7aIyB7Bxe7PyH-Gl_X07Xd4cthp6D0fl4ro |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Characterizing+Buffer+Overflow+Vulnerabilities+in+Large+C%2FC%2B%2B+Projects&rft.jtitle=IEEE+access&rft.au=Pereira%2C+Jose+D%27Abruzzo&rft.au=Ivaki%2C+Naghmeh&rft.au=Vieira%2C+Marco&rft.date=2021&rft.pub=IEEE&rft.eissn=2169-3536&rft.volume=9&rft.spage=142879&rft.epage=142892&rft_id=info:doi/10.1109%2FACCESS.2021.3120349&rft.externalDocID=9576064 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2169-3536&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2169-3536&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2169-3536&client=summon |