Hi Team, https://github.com/torproject/tor/blob/master/src/lib/err/backtrace.c#L267-L268 i.e strncat(version, " ", sizeof(version)-1); strncat(version, tor_version, sizeof(version)-1); Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) such as (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. I feel the risk is high because the length parameter appears to be a constant, instead of computing the number of characters left. Request team to please have a look and validate. Regards Dhiraj **Trac**: **Username**: Dhiraj