Code Security Report: 167 high severity findings, 256 total findings [develop]

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:49pm
Total Findings: 256 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 1926
Detected Programming Languages: 2 (Python*, C/C++ (Beta))

• Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
High	Out of Buffer Bounds Write	CWE-787	net.c:442	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/net/net.c Lines 437 to 442 in 34ea034 grub_uint16_t newip[8]; const char *ptr = val; int word, quaddot = -1; int bracketed = 0; if (ptr[0] == '[') { 1 Data Flow/s detected grub2/grub-core/net/net.c Line 442 in 34ea034 if (ptr[0] == '[') { Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	des.c:873	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/lib/libgcrypt/cipher/des.c Lines 868 to 873 in 34ea034 int i; byte input[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}; byte key1[8] = {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}; byte key2[8] = 1 Data Flow/s detected grub2/grub-core/lib/libgcrypt/cipher/des.c Line 873 in 34ea034 byte key2[8] = Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	twofish.c:887	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/lib/libgcrypt/cipher/twofish.c Lines 882 to 887 in 34ea034 }; static const byte ciphertext[16] = { 0x01, 0x9F, 0x98, 0x09, 0xDE, 0x17, 0x11, 0x85, 0x8F, 0xAA, 0xC3, 0xA3, 0xBA, 0x20, 0xFB, 0xC3 }; static byte plaintext_256[16] = { 1 Data Flow/s detected grub2/grub-core/lib/libgcrypt/cipher/twofish.c Line 887 in 34ea034 static byte plaintext_256[16] = { Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	twofish.c:883	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/lib/libgcrypt/cipher/twofish.c Lines 878 to 883 in 34ea034 }; static byte key[16] = { 0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32, 0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A }; static const byte ciphertext[16] = { 1 Data Flow/s detected grub2/grub-core/lib/libgcrypt/cipher/twofish.c Line 883 in 34ea034 static const byte ciphertext[16] = { Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	platform.c:401	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/osdep/windows/platform.c Lines 396 to 401 in 34ea034 endp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; endp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; endp->length = sizeof (*endp); pathptr = endp + 1; entry[4] = (grub_uint8_t *) pathptr - path; 1 Data Flow/s detected grub2/grub-core/osdep/windows/platform.c Line 401 in 34ea034 entry[4] = (grub_uint8_t *) pathptr - path; Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Use After Free	CWE-416	grub-mkrescue.c:784	1	2025-01-15 06:20pm
Vulnerable Code grub2/util/grub-mkrescue.c Lines 779 to 784 in 34ea034 make_image_fwdisk_abs (GRUB_INSTALL_PLATFORM_RISCV32_EFI, "riscv32-efi", imgname); free (imgname); imgname = grub_util_path_concat (2, efidir_efi_boot, "bootriscv64.efi"); make_image_fwdisk_abs (GRUB_INSTALL_PLATFORM_RISCV64_EFI, "riscv64-efi", 1 Data Flow/s detected grub2/util/grub-mkrescue.c Line 784 in 34ea034 make_image_fwdisk_abs (GRUB_INSTALL_PLATFORM_RISCV64_EFI, "riscv64-efi", Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Use After Free Training ● Videos    ▪ Secure Code Warrior Use After Free Video
High	Out of Buffer Bounds Write	CWE-787	cast5.c:490	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/lib/libgcrypt/cipher/cast5.c Lines 485 to 490 in 34ea034 #if 0 /* full maintenance test */ { int i; byte a0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78, 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A }; byte b0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78, 1 Data Flow/s detected grub2/grub-core/lib/libgcrypt/cipher/cast5.c Line 490 in 34ea034 byte b0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78, Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	filenamecat-lgpl.c:84	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/lib/gnulib/filenamecat-lgpl.c Lines 79 to 84 in 34ea034 if (base_in_result) *base_in_result = p; p = mempcpy (p, base, baselen); *p = '\0'; 1 Data Flow/s detected grub2/grub-core/lib/gnulib/filenamecat-lgpl.c Line 84 in 34ea034 *p = '\0'; Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	cast5.c:473	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/lib/libgcrypt/cipher/cast5.c Lines 468 to 473 in 34ea034 selftest(void) { CAST5_context c; byte key[16] = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A }; byte plain[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; 1 Data Flow/s detected grub2/grub-core/lib/libgcrypt/cipher/cast5.c Line 473 in 34ea034 byte plain[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	cast5.c:471	1	2025-01-15 06:20pm
Vulnerable Code grub2/grub-core/lib/libgcrypt/cipher/cast5.c Lines 466 to 471 in 34ea034 static const char* selftest(void) { CAST5_context c; byte key[16] = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 1 Data Flow/s detected grub2/grub-core/lib/libgcrypt/cipher/cast5.c Line 471 in 34ea034 byte key[16] = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Integer Overflow	CWE-190	C/C++ (Beta)	7
High	Buffer Overflow	CWE-121	C/C++ (Beta)	15
High	Out of Buffer Bounds Write	CWE-787	C/C++ (Beta)	120
High	Use After Free	CWE-416	C/C++ (Beta)	18
High	Double Free	CWE-415	C/C++ (Beta)	7
Medium	Integer Underflow	CWE-191	C/C++ (Beta)	1
Medium	Out of Buffer Bounds Read	CWE-125	C/C++ (Beta)	67
Medium	Heap Inspection	CWE-244	C/C++ (Beta)	19
Low	Divide By Zero	CWE-369	C/C++ (Beta)	2