C & C++

Made by DeepSource

Missing width for the %s format specifier when processing a buffer with printf/scanf is vulnerable to buffer overflow CXX-S1004

Security
Major
cwe-120

Using I/O functions such as printf and scanf without a width limit on the %s format specifier can allow a buffer overflow when reading from a stdin pipe or writing to a stdout pipe.

You can limit the width for format strings by placing a <width> (any positive decimal integer) between the % and the s, like this: %<width>s.

Limit the width of string specifiers by adding a maximum width for I/O operations, as outlined above; the width must leave room for the terminating null byte, so it should be at most the buffer size minus one.

Bad practice

char str[10];
scanf("%s", str); /* no width: any token longer than 9 characters writes past the end of str */

Recommended

char str[10];
scanf("%9s", str); /* width is one less than the buffer size, leaving room for the terminating null byte */
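The following is an added example, not code from DeepSource or from the rule page, showing the recommended fix in a form that can be exercised without stdin. It derives the width from the real buffer size at run time (so the width and the array declaration cannot drift apart), uses sscanf on constructed sample strings in place of scanf on stdin, and reports whether the token was cut off at the width, which is the part a caller usually has to handle after applying this rule. The helper names (read_token_bounded, demo_stored_len, demo_truncated) and the sample inputs are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10   /* same buffer size as the page's snippets */

/* Reads one whitespace-delimited token from `input` into `dst`, which holds
 * `dst_size` bytes, never writing past the end. The width placed in the
 * format is dst_size - 1 so that the terminating NUL always fits (a "%10s"
 * into a 10-byte buffer would still overflow by one byte). Returns the
 * number of characters stored, or -1 if no token was read. If `truncated`
 * is non-NULL it is set to 1 when the token was longer than the width,
 * so the caller can tell "input fit" apart from "input was cut off". */
static int read_token_bounded(const char *input, char *dst, size_t dst_size,
                              int *truncated)
{
    char fmt[32];
    int consumed = 0;

    if (dst_size < 2)
        return -1;

    /* Build "%<width>s%n" from the actual buffer size; %n records how many
     * input characters were consumed so we can inspect what follows. */
    snprintf(fmt, sizeof fmt, "%%%zus%%n", dst_size - 1);

    if (sscanf(input, fmt, dst, &consumed) != 1)
        return -1;

    if (truncated) {
        /* A non-whitespace character right after the stored token means
         * the token continued beyond the width and was cut off. */
        const char *rest = input + consumed;
        *truncated = (*rest != '\0' && *rest != ' ' &&
                      *rest != '\t' && *rest != '\n');
    }
    return (int)strlen(dst);
}

/* Constructed sample inputs (assumed for this example). */
static const char *const SHORT_INPUT = "hello world";
static const char *const LONG_INPUT  = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 'A's */

/* Demo helpers: run the bounded read into a BUF_SIZE buffer and report
 * the stored length or the truncation flag (-1 when nothing was read). */
static int demo_stored_len(const char *input)
{
    char buf[BUF_SIZE];
    int t = 0;
    return read_token_bounded(input, buf, sizeof buf, &t);
}

static int demo_truncated(const char *input)
{
    char buf[BUF_SIZE];
    int t = 0;
    if (read_token_bounded(input, buf, sizeof buf, &t) < 0)
        return -1;
    return t;
}

int main(void)
{
    char buf[BUF_SIZE];
    int trunc = 0;
    int n;

    n = read_token_bounded(SHORT_INPUT, buf, sizeof buf, &trunc);
    printf("stored %d chars \"%s\", truncated=%d\n", n, buf, trunc);

    n = read_token_bounded(LONG_INPUT, buf, sizeof buf, &trunc);
    printf("stored %d chars \"%s\", truncated=%d\n", n, buf, trunc);
    return 0;
}
```

With a 10-byte buffer the 24-character token is stored as its first 9 characters and flagged as truncated; the remaining characters are left unread in the input, which is the behaviour a caller must account for (for example by draining or rejecting the rest of the line) once the width limit is in place.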
