stringio is vulnerable to Buffer over-read. The vulnerability is due to improper bounds checking in the ungetbyte
and ungetc
methods, It allows an attacker to potentially access uninitialized or freed memory content, leading to the exposure of sensitive data.