Code Security Report: 3 high severity findings, 4 total findings [develop] #37

Status: Open (1 task)
mend-for-github-com bot opened this issue Jan 15, 2025 · 0 comments
Labels: Mend: code security findings (Code security findings detected by Mend)

Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:53pm
Total Findings: 4 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 66
Detected Programming Languages: 2 (C/C++ (Beta), Python*)

Finding Details

Each finding below lists: Severity | Vulnerability Type | CWE | File | Data Flows | Detected

Severity: High
Vulnerability Type: Use After Free
CWE: CWE-416
File: fcache.c:438
Data Flows: 1
Detected: 2025-01-15 05:55pm
Vulnerable Code

        fch->data = fces->data;
        fch->fces = fces;
    } else {
        if (fces) {
            memcpy(fch->embed_fces, fces, nent * sizeof(*fces));
            free(fces);

1 Data Flow/s detected

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Use After Free Training

● Videos

   ▪ Secure Code Warrior Use After Free Video

 
Severity: High
Vulnerability Type: Double Free
CWE: CWE-415
File: fcache.c:438
Data Flows: 1
Detected: 2025-01-15 05:55pm
Vulnerable Code

        fch->data = fces->data;
        fch->fces = fces;
    } else {
        if (fces) {
            memcpy(fch->embed_fces, fces, nent * sizeof(*fces));
            free(fces);

1 Data Flow/s detected

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Double Free Training

● Videos

   ▪ Secure Code Warrior Double Free Video

 
Severity: High
Vulnerability Type: Out of Buffer Bounds Write
CWE: CWE-787
File: errmsg.h:140
Data Flows: 1
Detected: 2025-01-15 05:55pm
Vulnerable Code

libkdumpfile/src/errmsg.h, lines 135 to 140 in 4aa6565

    newbuf = realloc(err->dyn, 1 + curlen + msglen + 1);
    if (newbuf) {
        if (err->dyn <= msg && msg <= err->dyn + 1)
            msg += newbuf - err->dyn;
        err->dyn = newbuf;
        memmove(newbuf + msglen + 1, msg, curlen + 1);

1 Data Flow/s detected

memmove(newbuf + msglen + 1, msg, curlen + 1);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

 
Severity: Medium
Vulnerability Type: Time of Check Time of Use
CWE: CWE-367
File: devmem.c:91
Data Flows: 1
Detected: 2025-01-15 05:55pm
Vulnerable Code

    if (access(FN_XEN, F_OK) != 0)
        return KDUMP_OK; /* No Xen */
    ret = KDUMP_OK;
    xen_type = KDUMP_XEN_DOMAIN;
    f = fopen(FN_XEN_CAPS, "r");

1 Data Flow/s detected

f = fopen(FN_XEN_CAPS, "r");

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Time of Check Time of Use Training

● Videos

   ▪ Secure Code Warrior Time of Check Time of Use Video

@mend-for-github-com mend-for-github-com bot added the Mend: code security findings Code security findings detected by Mend label Jan 15, 2025