- Bug
- Resolution: Unresolved
- Major
- None
A group of Findings has been pushed to JIRA to be investigated and fixed:
Group
Group: High in test/PSSECAUT-317 / irqbalance-1.9.2-3.el9 / csmock Scan (SARIF)
Severity | CVE | CWE | Component | Version | Title | Status |
---|---|---|---|---|---|---|
High | None | 125 | None | None | The Value From Recv, a Standard Library Function That Can Return a Negative Value, Is Used as an Index. A Negative Array Index Can Lead to [...] | Active |
Severity: High
Findings
The Value From Recv, a Standard Library Function That Can Return a Negative Value, Is Used as an Index. A Negative Array Index Can Lead to [...]
Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974089 (2974089)
Severity: High
CWE: CWE-125
CVE: Unknown
Source File: irqbalance-1.9.2/ui/irqbalance-ui.c
Source Line: 128
Description:
*Result message:* The value from recv, a standard library function that can return a negative value, is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index used is within bounds before use.
*Snippet:*
Problem detected in this context:

```c
126|
127| char *data = malloc(default_bufsz);
128|-> int len = recv(socket_fd, data, default_bufsz, MSG_TRUNC);
129| close(socket_fd);
130| data[len] = '\0';
```
*Code flow:*
1. irqbalance-1.9.2/ui/irqbalance-ui.c:L128:C12
The value from recv, a standard library function that can return a negative value, is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index used is within bounds before use.
References:
https://cwe.mitre.org/data/definitions/125.html
Reporter: ccota