Down icon indicating copy to clipboard operation
Down copied to clipboard

Published 20 hours ago verified publisher icon johnxnguyen

SAST flagged: Format strings can be influenced by an attacker

Open ps-vm opened this issue 2 years ago • 0 comments

Please help prevent duplicate issues before submitting a new one:

  • [ x] I've searched other open/closed issues for duplicates before opening up this new issue.

Report

Our SAST report picked up a high vulnerability within this library

  • "If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134)."

What did you do?

Configured SAST to run within GitLab pipelines for our iOS project.

What did you expect to happen?

No high vulnerabilities

What happened instead?

Three high vulnerabilities related to this library has been flagged, two of which are in the cmark/config.h file. We're on the latest version of this library and need to be able to reduce all critical and high vulnerabilities in order to ensure we're releasing secure products.

ps-vm avatar Jun 08 '22 08:06 ps-vm