Closed rvd-bot closed 4 years ago
id: 3282 title: 'RVD#3282: sprintf, ander/mag_calibration.cpp:201,803, ...' type: bug description: "Check to be sure that the format string passed as argument 2 to this\n\ \ function call does not come from an untrusted source that could have added\n\ \ formatting characters that the code is not prepared to handle.\n Additionally,\ \ the format string could contain `%s' without precision that\n could result\ \ in a buffer overflow. @ /opt/px4_ws/Firmware/src/modules/commander/mag_calibration.cpp201,803,\ \ \n/opt/px4_ws/Firmware/src/modules/commander/PreflightCheck.cpp97,127,247,320,364,\ \ \n/opt/px4_ws/Firmware/src/modules/commander/gyro_calibration.cpp247,478, \n/opt/px4_ws/Firmware/src/modules/commander/accelerometer_calibration.cpp195,391,\ \ \n/opt/px4_ws/Firmware/src/modules/mavlink/mavlink_parameters.cpp146, \n/opt/px4_ws/Firmware/src/modules/uORB/uORB_tests/uORBTest_UnitTest.cpp128,\ \ \n/opt/px4_ws/Firmware/src/modules/sensors/voted_sensors_update.cpp240,328,435,\ \ \n" cwe: None cve: None keywords: - rats - static analysis - testing - triage - bug - 'version: v1.7.0' - 'robot component: PX4' - components software system: '' vendor: null severity: rvss-score: 0 rvss-vector: '' severity-description: '' cvss-score: 0 cvss-vector: '' links: - https://github.com/aliasrobotics/RVD/issues/3282 flaw: phase: testing specificity: subject-specific architectural-location: application-specific application: N/A subsystem: N/A package: N/A languages: None date-detected: 2020-06-29 (21:17) detected-by: Alias Robotics detected-by-method: testing static date-reported: 2020-06-29 (21:17) reported-by: Alias Robotics reported-by-relationship: automatic issue: https://github.com/aliasrobotics/RVD/issues/3282 reproducibility: always trace: '' reproduction: See artifacts below (if available) reproduction-image: gitlab.com/aliasrobotics/offensive/alurity/pipelines/active/pipeline_px4/-/jobs/616402716/artifacts/download exploitation: description: '' exploitation-image: '' exploitation-vector: '' exploitation-recipe: '' mitigation: description: '' pull-request: '' date-mitigation: ''