
    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major

      A group of Findings has been pushed to JIRA to be investigated and fixed:

      Group

      Group: High in test/PSSECAUT-317 / irqbalance-1.9.2-3.el9 / csmock Scan (SARIF)

      Severity: High

      Findings

      The Value From Recv, a Standard Library Function That Can Return a Negative Value Is Used as an Index. A Negative Array Index Can Lead to [...]

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974089 (2974089)
      Severity: High

      CWE: CWE-125
      CVE: Unknown

      Source File: irqbalance-1.9.2/ui/irqbalance-ui.c

      Source Line: 128

      Description:
      *Result message:* The value from recv, a standard library function that can return a negative value, is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index is within bounds before use.
      *Snippet:*
      Problem detected in this context:
      ```c
      126|
      127| char *data = malloc(default_bufsz);
      128|-> int len = recv(socket_fd, data, default_bufsz, MSG_TRUNC);
      129| close(socket_fd);
      130| data[len] = '\0';
      ```
      *Code flow:*
      1. irqbalance-1.9.2/ui/irqbalance-ui.c:L128:C12
      The value from recv, a standard library function that can return a negative value, is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index is within bounds before use.

      References:
      https://cwe.mitre.org/data/definitions/125.html

      Reporter: ccota

      Assignee: Unassigned
            defectdojo-prodsec Defect Dojo