Closed rvd-bot closed 3 years ago
id: 2661
title: 'RVD#2661: printf, temcmds/tests/test_time.c:128, ...'
type: bug
description: "Check to be sure that the non-constant format string passed as argument\
  \ 1 \n to this function call does not come from an untrusted source that could\n\
  \ have added formatting characters that the code is not prepared to handle. @\
  \ /opt/px4_ws/Firmware/src/systemcmds/tests/test_time.c128, \n/opt/px4_ws/Firmware/boards/emlid/navio2/navio_rgbled/test/test.cpp65,\
  \ \n/opt/px4_ws/Firmware/platforms/qurt/src/px4/common/px4_qurt_impl.cpp79, \n"
cwe: None
cve: None
keywords:
- rats
- static analysis
- testing
- triage
- bug
- 'version: v1.10.2'
- 'robot component: PX4'
- components software
system: ''
vendor: null
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/2661
flaw:
  phase: testing
  specificity: subject-specific
  architectural-location: application-specific
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2020-06-29 (12:39)
  detected-by: Alias Robotics
  detected-by-method: testing static
  date-reported: 2020-06-29 (12:39)
  reported-by: Alias Robotics
  reported-by-relationship: automatic
  issue: https://github.com/aliasrobotics/RVD/issues/2661
  reproducibility: always
  trace: ''
  reproduction: See artifacts below (if available)
  reproduction-image: gitlab.com/aliasrobotics/offensive/alurity/pipelines/active/pipeline_px4/-/jobs/615577396/artifacts/download
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''
Ticket is still missing triage. Closing for inactivity.