Code Security Report: 62 high severity findings, 69 total findings [develop]

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:25pm
Total Findings: 69 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 218
Detected Programming Languages: 2 (Python*, C/C++ (Beta))

• Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
High	Use After Free	CWE-416	stropts.c:466	1	2025-01-15 05:28pm
Vulnerable Code nfs-utils/.pc/lp-2049262-2-mount.nfs-Use-default-minor-version-when-t-nfs4-is.patch/utils/mount/stropts.c Lines 461 to 466 in 9368a97 netid = nfs_get_netid(nfs_saddr->sa_family, nfs_pmap->pm_prot); if (netid == NULL) return 0; snprintf(new_option, sizeof(new_option) - 1, "proto=%s", netid); free(netid); 1 Data Flow/s detected nfs-utils/.pc/lp-2049262-2-mount.nfs-Use-default-minor-version-when-t-nfs4-is.patch/utils/mount/stropts.c Line 466 in 9368a97 free(netid); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Use After Free Training ● Videos    ▪ Secure Code Warrior Use After Free Video
High	Use After Free	CWE-416	device-process.c:374	1	2025-01-15 05:28pm
Vulnerable Code nfs-utils/utils/blkmapd/device-process.c Lines 369 to 374 in 9368a97 if (dev) { *major = MAJOR(dev); *minor = MINOR(dev); } out_err: 1 Data Flow/s detected nfs-utils/utils/blkmapd/device-process.c Line 374 in 9368a97 out_err: Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Use After Free Training ● Videos    ▪ Secure Code Warrior Use After Free Video
High	Use After Free	CWE-416	stropts.c:477	1	2025-01-15 05:28pm
Vulnerable Code nfs-utils/.pc/lp-2059197-3-mount.nfs-minorversion-setting-is-being-ignored-wit.patch/utils/mount/stropts.c Lines 472 to 477 in 9368a97 netid = nfs_get_netid(nfs_saddr->sa_family, nfs_pmap->pm_prot); if (netid == NULL) return 0; snprintf(new_option, sizeof(new_option) - 1, "proto=%s", netid); free(netid); 1 Data Flow/s detected nfs-utils/.pc/lp-2059197-3-mount.nfs-minorversion-setting-is-being-ignored-wit.patch/utils/mount/stropts.c Line 477 in 9368a97 free(netid); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Use After Free Training ● Videos    ▪ Secure Code Warrior Use After Free Video
High	Use After Free	CWE-416	device-discovery.c:331	5	2025-01-15 05:28pm
Vulnerable Code nfs-utils/utils/blkmapd/device-discovery.c Lines 326 to 331 in 9368a97 != sizeof(reply)) { BL_LOG_ERR("Write pipefs error!\n"); ret = -EIO; } out: 5 Data Flow/s detected View Data Flow 1 nfs-utils/utils/blkmapd/device-discovery.c Line 331 in 9368a97 out: View Data Flow 2 nfs-utils/utils/blkmapd/device-discovery.c Line 331 in 9368a97 out: View Data Flow 3 nfs-utils/utils/blkmapd/device-discovery.c Line 331 in 9368a97 out: View more Data Flows Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Use After Free Training ● Videos    ▪ Secure Code Warrior Use After Free Video
High	Double Free	CWE-415	sm-notify.c:221	1	2025-01-15 05:28pm
Vulnerable Code nfs-utils/.pc/21-no-more-var-run.patch/utils/statd/sm-notify.c Lines 216 to 221 in 9368a97 host->mon_name == NULL || host->my_name == NULL || host->notify_arg == NULL) { free(host->notify_arg); free((void *)host->my_name); free((void *)host->mon_name); 1 Data Flow/s detected nfs-utils/.pc/21-no-more-var-run.patch/utils/statd/sm-notify.c Line 221 in 9368a97 free((void *)host->mon_name); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Double Free Training ● Videos    ▪ Secure Code Warrior Double Free Video
High	Out of Buffer Bounds Write	CWE-787	cache.c:124	1	2025-01-15 05:28pm
Vulnerable Code nfs-utils/utils/mountd/cache.c Lines 119 to 124 in 9368a97 bp = buf; blen = sizeof(buf); qword_add(&bp, &blen, "nfsd"); qword_add(&bp, &blen, ipaddr); qword_adduint(&bp, &blen, time(0) + DEFAULT_TTL); if (use_ipaddr) { memmove(ipaddr + 1, ipaddr, strlen(ipaddr) + 1); 1 Data Flow/s detected nfs-utils/utils/mountd/cache.c Line 124 in 9368a97 memmove(ipaddr + 1, ipaddr, strlen(ipaddr) + 1); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	cache.c:375	2	2025-01-15 05:28pm
Vulnerable Code nfs-utils/utils/mountd/cache.c Lines 370 to 375 in 9368a97 blkid_val = get_uuid_blkdev(path); } if (rc == 0 && (st.f_fsid.__val[0] || st.f_fsid.__val[1])) snprintf(fsid_val, 17, "%08x%08x", 2 Data Flow/s detected View Data Flow 1 nfs-utils/utils/mountd/cache.c Line 375 in 9368a97 snprintf(fsid_val, 17, "%08x%08x", View Data Flow 2 nfs-utils/utils/mountd/cache.c Line 375 in 9368a97 snprintf(fsid_val, 17, "%08x%08x", Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Use After Free	CWE-416	stropts.c:457	1	2025-01-15 05:28pm
Vulnerable Code nfs-utils/.pc/lp-2025302-1-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch/utils/mount/stropts.c Lines 452 to 457 in 9368a97 netid = nfs_get_netid(nfs_saddr->sa_family, nfs_pmap->pm_prot); if (netid == NULL) return 0; snprintf(new_option, sizeof(new_option) - 1, "proto=%s", netid); free(netid); 1 Data Flow/s detected nfs-utils/.pc/lp-2025302-1-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch/utils/mount/stropts.c Line 457 in 9368a97 free(netid); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Use After Free Training ● Videos    ▪ Secure Code Warrior Use After Free Video
High	Double Free	CWE-415	krb5_util.c:1098	1	2025-01-15 05:28pm
Vulnerable Code nfs-utils/utils/gssd/krb5_util.c Lines 1093 to 1098 in 9368a97 err = gssd_find_existing_krb5_ccache(uid, dirname, &cctype, &d); if (err) return err; snprintf(buf, sizeof(buf), "%s:%s/%s", cctype, dirname, d->d_name); free(d); 1 Data Flow/s detected nfs-utils/utils/gssd/krb5_util.c Line 1098 in 9368a97 free(d); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Double Free Training ● Videos    ▪ Secure Code Warrior Double Free Video
High	Out of Buffer Bounds Write	CWE-787	cacheio.c:169	9	2025-01-15 05:28pm
Vulnerable Code nfs-utils/support/nfs/cacheio.c Lines 164 to 169 in 9368a97 if (*bp != ' ' && *bp != '\n' && *bp != '\0') return -1; while (*bp == ' ') bp++; *bpp = bp; *dest = '\0'; 9 Data Flow/s detected View Data Flow 1 nfs-utils/support/nfs/cacheio.c Line 169 in 9368a97 *dest = '\0'; View Data Flow 2 nfs-utils/support/nfs/cacheio.c Line 169 in 9368a97 *dest = '\0'; View Data Flow 3 nfs-utils/support/nfs/cacheio.c Line 169 in 9368a97 *dest = '\0'; View more Data Flows Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Buffer Overflow	CWE-121	C/C++ (Beta)	6
High	Out of Buffer Bounds Write	CWE-787	C/C++ (Beta)	14
High	Use After Free	CWE-416	C/C++ (Beta)	24
High	Double Free	CWE-415	C/C++ (Beta)	17
High	Path/Directory Traversal	CWE-22	C/C++ (Beta)	1
Medium	Out of Buffer Bounds Read	CWE-125	C/C++ (Beta)	3
Medium	Time of Check Time of Use	CWE-367	C/C++ (Beta)	1
Low	Uncontrolled Memory Allocation	CWE-789	C/C++ (Beta)	1
Low	Use of Inherently Dangerous Function	CWE-242	C/C++ (Beta)	2