aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#1216: CWE-119/CWE-120 (buffer), Statically-sized arrays can be improperly restricted, leading to poten... @ /comm/reverse_interface.h:111 #1216

Closed vmayoral closed 4 years ago

vmayoral commented 4 years ago
{
    "title": "RVD#1216: CWE-119/CWE-120 (buffer), Statically-sized arrays can be improperly restricted, leading to poten... @ /comm/reverse_interface.h:111",
    "system": "/opt/ros_ur_ws/src/Universal_Robots_ROS_Driver/ur_robot_driver/include/ur_robot_driver/comm/reverse_interface.h:111:5",
    "cve": "None",
    "mitigation": {
        "date-mitigation": "",
        "pull-request": "",
        "description": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length"
    },
    "description": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. . Happening @ .../comm/reverse_interface.h:111",
    "id": 1216,
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/1216"
    ],
    "severity": {
        "rvss-vector": "",
        "cvss-vector": "",
        "severity-description": "",
        "rvss-score": 0,
        "cvss-score": 0
    },
    "vendor": null,
    "exploitation": {
        "exploitation-image": "",
        "exploitation-vector": "",
        "description": ""
    },
    "keywords": [
        "flawfinder",
        "flawfinder_level_2",
        "static analysis",
        "testing",
        "triage",
        "CWE-119",
        "CWE-120",
        "bug"
    ],
    "type": "bug",
    "cwe": [
        "CWE-119",
        "CWE-120"
    ],
    "flaw": {
        "specificity": "subject-specific",
        "subsystem": "N/A",
        "reproducibility": "always",
        "phase": "testing",
        "languages": "None",
        "package": "N/A",
        "reported-by": "Alias Robotics",
        "application": "N/A",
        "architectural-location": "application-specific",
        "detected-by-method": "testing static",
        "date-detected": "2020-01-21 (12:07)",
        "issue": "https://github.com/aliasrobotics/RVD/issues/1216",
        "reproduction-image": "",
        "trace": "(context) char buffer[buf_len];",
        "reproduction": "See artifacts below (if available)",
        "detected-by": "Alias Robotics",
        "date-reported": "2020-01-21 (12:07)",
        "reported-by-relationship": "automatic"
    }
}
vmayoral commented 4 years ago

This one seems interesting but code seems to have changed since then.

Needs further research.

vmayoral commented 4 years ago

Reran the pipeline and didn't find it again; code seems to have changed since it was first detected. Closing here.