Code Security Report: 3 high severity findings, 4 total findings [develop] #37

Open
1 task
mend-for-github-com bot opened this issue Jan 15, 2025 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend


Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:53pm
Total Findings: 4 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 66
Detected Programming Languages: 2 (C/C++ (Beta), Python*)


Finding Details

Severity: High
Vulnerability Type: Use After Free
CWE: CWE-416
File: fcache.c:438
Data Flows: 1
Detected: 2025-01-15 05:55pm
Vulnerable Code

fch->data = fces->data;
fch->fces = fces;
} else {
if (fces) {
memcpy(fch->embed_fces, fces, nent * sizeof(*fces));
free(fces);

1 Data Flow/s detected

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Use After Free Training

● Videos

   ▪ Secure Code Warrior Use After Free Video

 
Severity: High
Vulnerability Type: Double Free
CWE: CWE-415
File: fcache.c:438
Data Flows: 1
Detected: 2025-01-15 05:55pm
Vulnerable Code

fch->data = fces->data;
fch->fces = fces;
} else {
if (fces) {
memcpy(fch->embed_fces, fces, nent * sizeof(*fces));
free(fces);

1 Data Flow/s detected

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Double Free Training

● Videos

   ▪ Secure Code Warrior Double Free Video
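The two findings above point at the same free(fces) in fcache.c: an array is either kept by pointer or copied into embedded storage and then released, so whether it is a use-after-free or a double free depends entirely on what the caller does with its own copy of the pointer afterwards. The following added example (constructed for this page, not libkdumpfile's code; struct chunk, chunk_set_entries, EMBED_MAX and demo_sum are invented names) shows the same ownership handoff written so that the rule is explicit: the callee always takes ownership, never leaves a stored pointer aliasing the freed block, and the caller drops its pointer immediately after the call.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example (not libkdumpfile code): a cache chunk that either
 * keeps a caller-supplied heap array or, for small counts, copies it into
 * embedded storage.  The hazard reported at fcache.c:438 is that the
 * callee frees the array on one path, so a caller that keeps using its
 * own pointer afterwards has a CWE-416, and one that frees it again has
 * a CWE-415. */

#define EMBED_MAX 2

struct entry {
	int value;
};

struct chunk {
	struct entry *fces;                 /* heap array, or NULL when embedded */
	struct entry embed_fces[EMBED_MAX];
	size_t nent;
};

/* Ownership rule: chunk_set_entries always takes ownership of `fces`.
 * On every return path the caller's pointer is dead; the callee either
 * stored it or freed it.  The return value (NULL when the data was
 * copied) tells the caller which path was taken without touching the
 * freed block. */
struct entry *
chunk_set_entries(struct chunk *ch, struct entry *fces, size_t nent)
{
	ch->nent = nent;
	if (nent > EMBED_MAX) {
		ch->fces = fces;                /* keep the heap array */
	} else {
		if (fces) {
			memcpy(ch->embed_fces, fces, nent * sizeof(*fces));
			free(fces);             /* heap copy no longer needed */
		}
		ch->fces = NULL;                /* never alias the freed block */
	}
	return ch->fces;
}

const struct entry *
chunk_entries(const struct chunk *ch)
{
	return ch->fces ? ch->fces : ch->embed_fces;
}

void
chunk_release(struct chunk *ch)
{
	free(ch->fces);                         /* free(NULL) is a no-op */
	ch->fces = NULL;
	ch->nent = 0;
}

/* Caller-side discipline: hand the array over, then forget the pointer.
 * Returns the sum 1 + 2 + ... + nent, or -1 on allocation failure. */
int
demo_sum(size_t nent)
{
	struct chunk ch;
	struct entry *arr = malloc(nent * sizeof(*arr));
	size_t i;
	int sum = 0;

	if (!arr)
		return -1;
	for (i = 0; i < nent; ++i)
		arr[i].value = (int)i + 1;

	chunk_set_entries(&ch, arr, nent);
	arr = NULL;   /* ownership moved; a later free(arr) would be the double free */

	for (i = 0; i < ch.nent; ++i)
		sum += chunk_entries(&ch)[i].value;
	chunk_release(&ch);
	return sum;
}
```

demo_sum(2) exercises the embedded path (copy, free, NULL), demo_sum(5) the heap path (pointer kept until chunk_release). Building with -fsanitize=address and re-adding a free(arr) after the handoff is the quickest way to see the scanner's double-free report reproduced at run time.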

 
Severity: High
Vulnerability Type: Out of Buffer Bounds Write
CWE: CWE-787
File: errmsg.h:140
Data Flows: 1
Detected: 2025-01-15 05:55pm
Vulnerable Code

libkdumpfile/src/errmsg.h

Lines 135 to 140 in 4aa6565

newbuf = realloc(err->dyn, 1 + curlen + msglen + 1);
if (newbuf) {
if (err->dyn <= msg && msg <= err->dyn + 1)
msg += newbuf - err->dyn;
err->dyn = newbuf;
memmove(newbuf + msglen + 1, msg, curlen + 1);

1 Data Flow/s detected

memmove(newbuf + msglen + 1, msg, curlen + 1);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video
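The errmsg.h snippet grows an error string with realloc and prepends a new message in front of the old text, with the extra twist that the message being prepended may itself point into the buffer being reallocated. The added example below (constructed for this page, not libkdumpfile's errmsg.h; struct errbuf, errbuf_prepend, SEP and errbuf_selftest are invented names) implements that same operation with the sizing written out against the allocation so the memmove can be checked by inspection, and with the aliasing case handled by recording an offset before realloc instead of doing arithmetic on the old, now-dead pointer.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example (not libkdumpfile code): prepend `msg` to a growable
 * error string, separated by ": ".  The edge case the page's snippet
 * handles is that `msg` may live inside the very buffer being
 * reallocated, so the old base pointer is dangling once realloc returns. */

struct errbuf {
	char *dyn;      /* heap string, NULL when empty */
	size_t len;     /* strlen(dyn) when dyn != NULL */
};

#define SEP ": "
#define SEPLEN (sizeof(SEP) - 1)

/* Returns 0 on success, -1 on allocation failure (buffer left unchanged). */
int
errbuf_prepend(struct errbuf *err, const char *msg)
{
	size_t msglen = strlen(msg);
	size_t curlen = err->dyn ? err->len : 0;
	size_t newlen = msglen + (curlen ? SEPLEN + curlen : 0);
	size_t msgoff = (size_t)-1;       /* offset of msg inside dyn, if any */
	char *newbuf;

	/* Same aliasing test as the page's snippet, but the result is kept as
	 * an offset: err->dyn must not be dereferenced or used in pointer
	 * arithmetic after realloc has been called on it. */
	if (err->dyn && msg >= err->dyn && msg <= err->dyn + curlen)
		msgoff = (size_t)(msg - err->dyn);

	newbuf = realloc(err->dyn, newlen + 1);
	if (!newbuf)
		return -1;
	if (msgoff != (size_t)-1)
		msg = newbuf + msgoff;        /* re-derive from the new base */
	err->dyn = newbuf;

	if (curlen) {
		/* Shift the old text right.  Regions overlap, hence memmove.
		 * Last byte written: msglen + SEPLEN + curlen == newlen, the
		 * terminator slot of the newlen + 1 byte allocation. */
		memmove(newbuf + msglen + SEPLEN, newbuf, curlen + 1);
		memcpy(newbuf + msglen, SEP, SEPLEN);
		/* An aliased msg moved with that shift. */
		if (msgoff != (size_t)-1)
			msg += msglen + SEPLEN;
	} else {
		newbuf[msglen] = '\0';
	}
	/* Copy the new message last, after the shift, so it is read from its
	 * final location; its source lies beyond [0, msglen) so no overlap. */
	memmove(newbuf, msg, msglen);
	err->len = newlen;
	return 0;
}

/* Self-test on constructed input; returns 1 when every step produced the
 * expected string (including the aliasing case), 0 otherwise. */
int
errbuf_selftest(void)
{
	struct errbuf e = { NULL, 0 };
	int ok = errbuf_prepend(&e, "open failed") == 0 &&
	         strcmp(e.dyn, "open failed") == 0 &&
	         errbuf_prepend(&e, "read header") == 0 &&
	         strcmp(e.dyn, "read header: open failed") == 0 &&
	         /* msg points into the buffer being reallocated: its tail */
	         errbuf_prepend(&e, e.dyn + 13) == 0 &&
	         strcmp(e.dyn, "open failed: read header: open failed") == 0;
	free(e.dyn);
	return ok;
}
```

The bound to check for any variant of this code is the last byte the memmove touches (destination offset plus length) against the size passed to realloc; in the snippet on this page that is msglen + 1 + curlen + 1 written into an allocation of 1 + curlen + msglen + 1 bytes, so the verdict depends on the values of curlen and msglen feeding it, which the scanner's data flow should be read for before the finding is accepted or dismissed.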

 
Severity: Medium
Vulnerability Type: Time of Check Time of Use
CWE: CWE-367
File: devmem.c:91
Data Flows: 1
Detected: 2025-01-15 05:55pm
Vulnerable Code

if (access(FN_XEN, F_OK) != 0)
return KDUMP_OK; /* No Xen */
ret = KDUMP_OK;
xen_type = KDUMP_XEN_DOMAIN;
f = fopen(FN_XEN_CAPS, "r");

1 Data Flow/s detected

f = fopen(FN_XEN_CAPS, "r");

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Time of Check Time of Use Training

● Videos

   ▪ Secure Code Warrior Time of Check Time of Use Video
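The devmem.c snippet tests for a file with access(FN_XEN, F_OK) and then opens with fopen(); the check and the open are separate system calls, so the filesystem can change between them, and access() also answers for the real rather than the effective UID. The standard fix is to drop the pre-check, open once, and classify errno from that single call. The added example below (constructed for this page, not libkdumpfile's devmem.c; probe_caps, enum probe_result and probe_selftest are invented names, and the self-test assumes /tmp is writable) shows that form, distinguishing "absent" from "present but unreadable" so an EACCES or EIO is not silently reported as "no hypervisor".

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed example (not libkdumpfile code): probe for a hypervisor
 * capabilities file.  Instead of access() followed by fopen(), open once
 * and let errno from that single operation decide the outcome. */

enum probe_result {
	PROBE_ABSENT = 0,   /* ENOENT: path does not exist */
	PROBE_PRESENT = 1,  /* opened; first line copied into buf */
	PROBE_ERROR = -1    /* exists but could not be opened or read */
};

enum probe_result
probe_caps(const char *path, char *buf, size_t buflen)
{
	FILE *f = fopen(path, "r");
	if (!f) {
		/* ENOENT is the only "not there" answer.  EACCES, EIO and the
		 * rest are failures the caller should see, not absence. */
		return errno == ENOENT ? PROBE_ABSENT : PROBE_ERROR;
	}
	if (!fgets(buf, (int)buflen, f)) {
		int err = ferror(f);
		fclose(f);
		buf[0] = '\0';
		return err ? PROBE_ERROR : PROBE_PRESENT;   /* empty file still exists */
	}
	fclose(f);
	buf[strcspn(buf, "\n")] = '\0';   /* strip the newline */
	return PROBE_PRESENT;
}

/* Self-test on constructed input: a temporary file created for the check
 * and a path that does not exist.  Returns 1 when both classify correctly. */
int
probe_selftest(void)
{
	char tmpl[] = "/tmp/probe_caps_XXXXXX";   /* assumption: /tmp is writable */
	char line[64];
	int fd = mkstemp(tmpl);
	int ok = 0;

	if (fd < 0)
		return 0;
	if (write(fd, "control_d\n", 10) == 10 &&
	    probe_caps(tmpl, line, sizeof line) == PROBE_PRESENT &&
	    strcmp(line, "control_d") == 0 &&
	    probe_caps("/tmp/probe_caps_does_not_exist", line, sizeof line) == PROBE_ABSENT)
		ok = 1;
	close(fd);
	unlink(tmpl);
	return ok;
}
```

Note that the snippet on this page checks one path (FN_XEN) and opens another (FN_XEN_CAPS); the same rule applies to each file individually: whatever the code needs to know about a path, learn it from the open that actually uses it.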

@mend-for-github-com mend-for-github-com bot added the Mend: code security findings Code security findings detected by Mend label Jan 15, 2025