CVE-2022-44314

Name of the Vulnerable Software and Affected Versions PicoC version 3.2.2

Description A heap buffer overflow was discovered in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall, which is located in the PicoC programming language.

Recommendations For PicoC version 3.2.2, consider avoiding the use of the StringStrncpy function until a patch is available. As a temporary workaround, restrict the use of the ExpressionParseFunctionCall to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.