CRITICAL
Rule Definition
When writing data to a memory buffer, it is vital to ensure that the size of the data does not exceed the size of the destination buffer. A buffer overflow can put the system into an unexpected state, leading to loss or overwriting of data and disclosure of confidential information. Failure to follow this guideline could allow attackers to control the flow of execution of your program and run arbitrary code with the same level of privilege as your program.
Remediation
Add the ON OVERFLOW clause whenever the STRING verb is used, so that a receiving field that is too small for the sending data is detected instead of being silently truncated.
Violation Code Sample
       IDENTIFICATION DIVISION.
       PROGRAM-ID. OVERRUN.

       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01 WS-PTR    PIC 99.
       01 WS-FIRST  PIC X(5) VALUE 'FIRST'.
       01 WS-SECOND PIC X(6) VALUE 'SECOND'.
       01 WS-THIRD  PIC X(5) VALUE 'THIRD'.
       01 WS-RESULT PIC X(15).

       PROCEDURE DIVISION.
      * The three sending fields total 16 characters, one more than
      * WS-RESULT can hold. Without ON OVERFLOW the 16th character is
      * silently dropped and the program never learns about it.
           MOVE 1 TO WS-PTR
           STRING WS-FIRST  DELIMITED BY SIZE
                  WS-SECOND DELIMITED BY SIZE
                  WS-THIRD  DELIMITED BY SPACE
                  INTO WS-RESULT
                  WITH POINTER WS-PTR
           END-STRING
           STOP RUN.
Fixed Code Sample
       IDENTIFICATION DIVISION.
       PROGRAM-ID. OVERRUN.

       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01 WS-PTR    PIC 99.
       01 WS-FIRST  PIC X(5) VALUE 'FIRST'.
       01 WS-SECOND PIC X(6) VALUE 'SECOND'.
       01 WS-THIRD  PIC X(5) VALUE 'THIRD'.
       01 WS-RESULT PIC X(15).

       PROCEDURE DIVISION.
      * The pointer is initialised explicitly; an uninitialised or
      * out-of-range pointer also raises the overflow condition.
           MOVE 1 TO WS-PTR
           STRING WS-FIRST  DELIMITED BY SIZE
                  WS-SECOND DELIMITED BY SIZE
                  WS-THIRD  DELIMITED BY SPACE
                  INTO WS-RESULT
                  WITH POINTER WS-PTR
      * The overflow condition is now handled instead of ignored.
               ON OVERFLOW
                   DISPLAY 'OVERFLOW - POINTER OUT OF RANGE'
           END-STRING
           STOP RUN.
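The fixed sample only reports that an overflow happened. The following program is an added example, not part of the CAST rule or its samples, that shows the two other pieces of information a STRING statement gives you: the pointer must be validated before the STRING (an assumed guard using LENGTH OF, which the rule text does not mention), and after an overflow the pointer tells how many characters actually reached the receiving field, so the partial result can be reported or rejected. The program name STRCHECK and the literal 16 (the combined length of the three sending fields from the samples above) are assumptions.

```cobol
       IDENTIFICATION DIVISION.
       PROGRAM-ID. STRCHECK.

       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01 WS-PTR      PIC 99.
       01 WS-STORED   PIC 99.
       01 WS-FIRST    PIC X(5)  VALUE 'FIRST'.
       01 WS-SECOND   PIC X(6)  VALUE 'SECOND'.
       01 WS-THIRD    PIC X(5)  VALUE 'THIRD'.
       01 WS-RESULT   PIC X(15).

       PROCEDURE DIVISION.
       MAIN-PARA.
      * The pointer must be set explicitly: an uninitialised or
      * out-of-range pointer raises the overflow condition before
      * a single character is moved.
           MOVE 1 TO WS-PTR
           MOVE SPACES TO WS-RESULT
      * Assumed guard (not part of the CAST rule): refuse to start
      * the STRING with a pointer outside 1..LENGTH OF WS-RESULT.
           IF WS-PTR < 1 OR WS-PTR > LENGTH OF WS-RESULT
               DISPLAY 'POINTER OUT OF RANGE: ' WS-PTR
               STOP RUN
           END-IF
           STRING WS-FIRST  DELIMITED BY SIZE
                  WS-SECOND DELIMITED BY SIZE
                  WS-THIRD  DELIMITED BY SPACE
                  INTO WS-RESULT
                  WITH POINTER WS-PTR
               ON OVERFLOW
      * The sending data did not fit. WS-RESULT holds a truncated
      * value, and WS-PTR - 1 is the number of characters stored
      * (15 here, since WS-RESULT is PIC X(15)).
                   COMPUTE WS-STORED = WS-PTR - 1
                   DISPLAY 'OVERFLOW: ONLY ' WS-STORED
                           ' OF 16 CHARACTERS STORED'
                   DISPLAY 'PARTIAL RESULT: <' WS-RESULT '>'
               NOT ON OVERFLOW
                   DISPLAY 'OK: <' WS-RESULT '>'
           END-STRING
           STOP RUN.
```

With the field sizes above the program takes the ON OVERFLOW branch and reports 15 of 16 characters stored; enlarging WS-RESULT to PIC X(16) makes it take the NOT ON OVERFLOW branch instead. In real code the ON OVERFLOW branch would typically set an error status or abandon the operation rather than continue with a truncated value.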
Reference
https://cwe.mitre.org/data/definitions/787.html
https://www.owasp.org/index.php/A5_2004_Buffer_Overflow
Related Technologies
Technical Criterion
CWE-787 - Out-of-bounds Write
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.