Code Security Report: 2 high severity findings, 4 total findings [develop] #9

Open
1 task
mend-for-github-com bot opened this issue Jan 15, 2025 · 0 comments
Labels: Mend: code security findings (Code security findings detected by Mend)

Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:54pm
Total Findings: 4 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 65
Detected Programming Languages: 1 (C/C++ (Beta))

  • Check this box to manually trigger a scan

Finding Details

Severity | Vulnerability Type | CWE | File | Data Flows | Detected

High | Integer Overflow | CWE-190 | sparc64.c:97 | 3 | 2025-01-15 05:56pm

Vulnerable Code

ERRMSG("Can't get symbol of vmemmap_table\n");
return NOT_PADDR;
}
index = offset >> NR_CHUNKS_SHIFT;
if (!readmem(VADDR, vmemmap_table + (index * sizeof(long)),

3 Data Flow/s detected
View Data Flow 1

if (!readmem(VADDR, vmemmap_table + (index * sizeof(long)),

View Data Flow 2

if (!readmem(VADDR, vmemmap_table + (index * sizeof(long)),

View Data Flow 3

if (!readmem(VADDR, vmemmap_table + (index * sizeof(long)),

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Integer Overflow Training

● Videos

   ▪ Secure Code Warrior Integer Overflow Video

 
High | Integer Overflow | CWE-190 | sparc64.c:92 | 3 | 2025-01-15 05:56pm

Vulnerable Code

ERRMSG("Can't get symbol of vmemmap_table\n");
return NOT_PADDR;
}
index = offset >> NR_CHUNKS_SHIFT;
if (!readmem(VADDR, vmemmap_table + (index * sizeof(long)),

3 Data Flow/s detected
View Data Flow 1

if (!readmem(VADDR, vmemmap_table + (index * sizeof(long)),

View Data Flow 2

if (!readmem(VADDR, vmemmap_table + (index * sizeof(long)),

View Data Flow 3

if (!readmem(VADDR, vmemmap_table + (index * sizeof(long)),

Low | Divide By Zero | CWE-369 | x86_64.c:706 | 1 | 2025-01-15 05:56pm

Vulnerable Code

makedumpfile/arch/x86_64.c

Lines 701 to 706 in 616b79b

pgd_index = pgd_index(vaddr_base);
pgd_addr = vaddr_to_paddr(init_level4_pgt); /* address of pgd */
pgd_addr += pgd_index * sizeof(unsigned long);
page_structs_per_pud = (PTRS_PER_PUD * PTRS_PER_PMD * info->page_size) /
pagestructsize;
num_puds = (high_pfn + page_structs_per_pud - 1) / page_structs_per_pud;

1 Data Flow/s detected

num_puds = (high_pfn + page_structs_per_pud - 1) / page_structs_per_pud;

Low | Divide By Zero | CWE-369 | x86_64.c:706 | 1 | 2025-01-15 05:56pm

Vulnerable Code

pgd_index = pgd_index(vaddr_base);
pgd_addr = vaddr_to_paddr(init_level4_pgt); /* address of pgd */
pgd_addr += pgd_index * sizeof(unsigned long);
page_structs_per_pud = (PTRS_PER_PUD * PTRS_PER_PMD * info->page_size) /
pagestructsize;
num_puds = (high_pfn + page_structs_per_pud - 1) / page_structs_per_pud;

1 Data Flow/s detected

num_puds = (high_pfn + page_structs_per_pud - 1) / page_structs_per_pud;

@mend-for-github-com mend-for-github-com bot added the Mend: code security findings Code security findings detected by Mend label Jan 15, 2025