Fortify Audit Workbench
SANS Top 25 2011 Asterisx limpio results
Table of Contents
Executive Summary
Project Description
Issue Breakdown
Issue Details
Risky Resource Management - CWE ID 022
Insecure Interaction - CWE ID 078
Insecure Interaction - CWE ID 079
Insecure Interaction - CWE ID 089
Risky Resource Management - CWE ID 120
Risky Resource Management - CWE ID 131
Risky Resource Management - CWE ID 134
Risky Resource Management - CWE ID 190
Porous Defenses - CWE ID 250
Porous Defenses - CWE ID 306
Porous Defenses - CWE ID 307
Porous Defenses - CWE ID 311
Porous Defenses - CWE ID 327
Insecure Interaction - CWE ID 352
Insecure Interaction - CWE ID 434
Risky Resource Management - CWE ID 494
Insecure Interaction - CWE ID 601
Risky Resource Management - CWE ID 676
Porous Defenses - CWE ID 732
Porous Defenses - CWE ID 759
Porous Defenses - CWE ID 798
Porous Defenses - CWE ID 807
Risky Resource Management - CWE ID 829
Porous Defenses - CWE ID 862
Porous Defenses - CWE ID 863
Description of Key Terminology
About Fortify Solutions
© Copyright [2008-2018] Micro Focus or one of its affiliates. The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
Nov 18, 2020, 1:15 PM © Copyright [2008-2018] Micro Focus or one of its affiliates.
Executive Summary
Project Name: Asterisx limpio results
Project Version:
SCA: Results Present
WebInspect: Results Not Present
WebInspect Agent: Results Not Present
Other: Results Not Present
Issues by Priority (Impact vs. Likelihood chart): Critical 861, High 716, Medium 0, Low 95
SANS Top 25 2011 groups      Total   Status
Insecure Interaction             0   PASS
Porous Defenses                  3   FAIL
Risky Resource Management     2722   FAIL
* The detailed sections following the Executive Summary contain specifics.
Project Description
This section provides an overview of the Fortify scan engines used for this project, as well as the project meta-information.
Issue BreakDown
The following table summarizes the number of issues identified across the different SANS Top 25 2011 categories and broken down by Fortify Priority Order.
Category (Fortify Priority)               Critical   High   Medium   Low   Total Issues
Insecure Interaction
Insecure Interaction - CWE ID 078                0      0        0     0              0
Insecure Interaction - CWE ID 079                0      0        0     0              0
Insecure Interaction - CWE ID 089                0      0        0     0              0
Insecure Interaction - CWE ID 352                0      0        0     0              0
Insecure Interaction - CWE ID 434                0      0        0     0              0
Insecure Interaction - CWE ID 601                0      0        0     0              0
Risky Resource Management
Risky Resource Management - CWE ID 022          62     13        0     0             75
Risky Resource Management - CWE ID 120         414    639        0     0           1053
Risky Resource Management - CWE ID 131         419    639        0     5           1063
Risky Resource Management - CWE ID 134         378     47        0    19            444
Risky Resource Management - CWE ID 190           0     16        0     1             17
Risky Resource Management - CWE ID 494           0      0        0     0              0
Risky Resource Management - CWE ID 676           0      0        0    70             70
Risky Resource Management - CWE ID 829           0      0        0     0              0
Porous Defenses
Porous Defenses - CWE ID 250                     0      0        0     0              0
Porous Defenses - CWE ID 306                     0      0        0     0              0
Porous Defenses - CWE ID 307                     0      0        0     0              0
Porous Defenses - CWE ID 311                     0      0        0     0              0
Porous Defenses - CWE ID 327                     0      0        0     0              0
Porous Defenses - CWE ID 732                     0      0        0     0              0
Porous Defenses - CWE ID 759                     0      0        0     0              0
Porous Defenses - CWE ID 798                     2      0        0     0              2
Porous Defenses - CWE ID 807                     0      1        0     0              1
Porous Defenses - CWE ID 862                     0      0        0     0              0
Porous Defenses - CWE ID 863                     0      0        0     0              0
NOTE: 1. Reported issues in the above table may violate more than one SANS Top 25 2011 category. As such, the same issue may appear in more than one row. The total number of unique vulnerabilities is reported in the Executive Summary table.
Issue Details
Below is an enumeration of all issues found in the project. The issues are organized by SANS Top 25 2011, Fortify Priority Order, and vulnerability category. The issues are then further broken down by the package, namespace, or location in which they occur. Issues reported at the same line number with the same category originate from different taint sources.
Risky Resource Management - CWE ID 022
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). CWE-22 states: "The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory".
Path Manipulation
Critical
Package: .src.pj Location
Analysis Info
Analyzer
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/latency.c:142
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/encdec.c:229
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/playfile.c:85
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/confsample.c:127
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/level.c:74
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/recfile.c:80
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/resampleplay.c:66
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: fgets() from main() In pjsip-apps/src/samples/auddemo.c:438
SCA
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253
Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
Package: .src.samples Location
Analysis Info
Analyzer
pjsip-apps/src/samples/httpdemo.c:168
Sink: fopen() Enclosing Method: main() Source: main(1) from main() In pjsip-apps/src/samples/httpdemo.c:150
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/samples/icedemo.c:281
Sink: fopen() Enclosing Method: icedemo_init() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/samples/siprtp.c:2046
Sink: fopen() Enclosing Method: app_logging_init() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
Path Manipulation
High
Package: .src.pj Location
Analysis Info
Analyzer
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/src/pj/file_io_ansi.c:63
Sink: fopen() Enclosing Method: pj_file_open() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
Insecure Interaction - CWE ID 078
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). CWE-78 states: "The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component".
No Issues
Insecure Interaction - CWE ID 079
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). CWE-79 states: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users".
No Issues
Insecure Interaction - CWE ID 089
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). CWE-89 states: "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component".
No Issues
Risky Resource Management - CWE ID 120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). CWE-120 states: "The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow".
Buffer Overflow
Critical
Package: .src.pj Location
Analysis Info
Analyzer
pjlib/src/pj/errno.c:110
Sink: snprintf() Enclosing Method: pjlib_error() Source: main(1) from main() In pjsip-apps/src/samples/strerror.c:40
SCA
pjlib/src/pj/errno.c:110
Sink: snprintf() Enclosing Method: pjlib_error() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/src/pj/file_io_ansi.c:103
Sink: fread() Enclosing Method: pj_file_read() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
Package: .src.pjmedia Location
Analysis Info
Analyzer
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/stream.c:2152
Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
Package: .src.pjnath Location
Analysis Info
Analyzer
pjnath/src/pjnath/ice_session.c:764
Sink: strcpy() Enclosing Method: pj_ice_sess_add_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjnath/src/pjnath/ice_session.c:921
Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjnath/src/pjnath/ice_session.c:922
Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/ice_session.c:923
Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/ice_session.c:925
Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/ice_session.c:926
Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/ice_session.c:928
Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/ice_session.c:2754
Sink: snprintf() Enclosing Method: handle_incoming_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/stun_msg_dump.c:191
Sink: snprintf() Enclosing Method: print_attr() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjmedia/src/test/main.c:50
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/pjsua/main.c:127
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjnath/src/pjnath/stun_transaction.c:95
Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456
SCA
Package: .src.pjsip Location
Analysis Info
Analyzer
pjsip/src/pjsip/sip_msg.c:2128
Sink: sprintf() Enclosing Method: pjsip_warning_hdr_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjsip/src/pjsip/sip_msg.c:2128
Sink: sprintf() Enclosing Method: pjsip_warning_hdr_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjsip/src/pjsip/sip_transaction.c:1018
Sink: snprintf() Enclosing Method: tsx_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjsip/src/pjsip/sip_transport.c:436
Sink: snprintf() Enclosing Method: pjsip_tx_data_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip/sip_transport_tcp.c:341
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip/sip_transport_tcp.c:342
Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip/sip_transport_tcp.c:343
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip/sip_transport_tcp.c:344
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip/sip_transport_tls.c:424
Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip/sip_transport_tls.c:425
Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip/sip_transport_tls.c:426
Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip/sip_transport_tls.c:427
Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
Package: .src.pjsip-simple Location
Analysis Info
Analyzer
pjsip/src/pjsip-simple/evsub.c:794
Sink: snprintf() Enclosing Method: evsub_create() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
Package: .src.pjsip-ua Location
Analysis Info
Analyzer
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip-ua/sip_inv.c:896
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip-ua/sip_inv.c:903
Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
Package: .src.pjsip-ua Location
Analysis Info
Analyzer
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip-ua/sip_inv.c:1536
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
Package: .src.pjsip-ua Location
Analysis Info
Analyzer
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsip-ua/sip_inv.c:1543
Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsip-ua/sip_xfer.c:415
Sink: snprintf() Enclosing Method: pjsip_xfer_notify() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip/src/pjsip-ua/sip_xfer.c:416
Sink: snprintf() Enclosing Method: pjsip_xfer_notify() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip/src/pjsip-ua/sip_xfer.c:417
Sink: snprintf() Enclosing Method: pjsip_xfer_notify() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231
Sink: strcat() Enclosing Method: cmd_media_list() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:2670
Sink: Assignment to argv Enclosing Method: cmd_restart_handler() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545
Sink: strcat() Enclosing Method: ui_conf_list() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
Package: .src.pjsua-lib Location
Analysis Info
Analyzer
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/pjsua/main.c:127
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/simple_pjsua.c:109
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
Package: .src.pjsua-lib Location
Analysis Info
Analyzer
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjmedia/src/test/main.c:50
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: fgets() from ui_input_url() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:96
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126
Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
Package: .src.pjsua-lib Location
Analysis Info
Analyzer
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150
Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip/src/pjsua-lib/pjsua_media.c:2026
Sink: Assignment to maudidx Enclosing Method: pjsua_media_channel_init() Source:
SCA
Package: .src.samples Location
Analysis Info
Analyzer
pjsip-apps/src/samples/icedemo.c:533
Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
Package: .src.samples Location
Analysis Info
Analyzer
pjsip-apps/src/samples/icedemo.c:533
Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:533
Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:533
Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:533
Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:533
Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:572
Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:572
Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:572
Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:572
Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:599
Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:599
Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/icedemo.c:605
Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
Package: .src.samples Location
Analysis Info
Analyzer
pjsip-apps/src/samples/icedemo.c:605
Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
Package: .src.samples Location
Analysis Info
Analyzer
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/samples/jbsim.c:737
Sink: sprintf() Enclosing Method: tx_tick() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/samples/pjsip-perf.c:817
Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/samples/pjsip-perf.c:1108
Sink: strcpy() Enclosing Method: verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
Package: pjlib.include.pj Location
Analysis Info
Analyzer
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from main() In pjsip-apps/src/samples/auddemo.c:438
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from ui_input_url() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:96
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/resampleplay.c:66
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/level.c:74
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/recfile.c:80
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjmedia/src/test/main.c:50
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/encdec.c:229
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/pjsua/main.c:127
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/latency.c:142
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/httpdemo.c:150
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/playfile.c:85
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/simple_pjsua.c:109
SCA
pjlib/include/pj/string.h:786
Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/confsample.c:127
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/httpdemo.c:150
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjlib/include/pj/string.h:800
Sink: memmove() Enclosing Method: pj_memmove() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
Package: third_party.speex.libspeex Location
Analysis Info
Analyzer
third_party/speex/libspeex/nb_celp.c:366
Sink: memcpy() Enclosing Method: nb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/nb_celp.c:399
Sink: memcpy() Enclosing Method: nb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/nb_celp.c:558
Sink: memcpy() Enclosing Method: nb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/nb_celp.c:914
Sink: memcpy() Enclosing Method: nb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/sb_celp.c:357
Sink: memcpy() Enclosing Method: sb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/sb_celp.c:358
Sink: memcpy() Enclosing Method: sb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
Buffer Overflow
High
Package: .src.pj Location
Analysis Info
Analyzer
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjlib/src/pj/log.c:455
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjlib/src/pj/log.c:458
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjlib/src/pj/log.c:460
Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjlib/src/pj/sock_select.c:71
Sink: Assignment to fdsetp->data[1][0].__fds_bits[] Enclosing Method: PJ_FD_CLR() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/src/pj/timer.c:134
Sink: Assignment to ht->heap[] Enclosing Method: copy_node() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/src/pj/timer.c:137
Sink: Assignment to ht->timer_ids[] Enclosing Method: copy_node() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/src/pj/timer.c:162
Sink: Assignment to ht->timer_ids[] Enclosing Method: push_freelist() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
Package: .src.pjlib-util Location
Analysis Info
Analyzer
pjlib-util/src/pjlib-util/cli_console.c:501
Sink: Assignment to recv_buf[] Enclosing Method: readline_thread() Source: fgets() from readline_thread() In pjlib-util/src/pjlib-util/cli_console.c:472
SCA
pjlib-util/src/pjlib-util/cli_console.c:502
Sink: Assignment to recv_buf[] Enclosing Method: readline_thread() Source: fgets() from readline_thread() In pjlib-util/src/pjlib-util/cli_console.c:472
SCA
pjlib-util/src/pjlib-util/cli_console.c:508
Sink: Assignment to fe->input.buf[] Enclosing Method: readline_thread() Source: fgets() from readline_thread() In pjlib-util/src/pjlib-util/cli_console.c:472
SCA
pjlib-util/src/pjlib-util/dns.c:234
Sink: Assignment to name->ptr[] Enclosing Method: get_name() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib-util/src/pjlib-util/getopt.c:226
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib-util/src/pjlib-util/getopt.c:227
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib-util/src/pjlib-util/getopt.c:243
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib-util/src/pjlib-util/getopt.c:244
Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib-util/src/pjlib-util/srv_resolver.c:126
Sink: Assignment to target_name.ptr[] Enclosing Method: pj_dns_srv_resolve() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib-util/src/pjlib-util/stun_simple_client.c:308
Sink: Assignment to rec[].srv[].mapped_addr Enclosing Method: pjstun_get_mapped_addr2() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746
SCA
pjlib-util/src/pjlib-util/stun_simple_client.c:309
Sink: Assignment to rec[].srv[].mapped_port Enclosing Method: pjstun_get_mapped_addr2() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746
SCA
pjlib-util/src/pjlib-util/stun_simple_client.c:311
Sink: Assignment to rec[].srv[].mapped_addr Enclosing Method: pjstun_get_mapped_addr2() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746
SCA
pjlib-util/src/pjlib-util/stun_simple_client.c:312
Sink: Assignment to rec[].srv[].mapped_port Enclosing Method: pjstun_get_mapped_addr2() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746
SCA
Package: .src.pjlib-util-test
pjlib-util/src/pjlib-util-test/http_client.c:140
Sink: Assignment to pkt[] Enclosing Method: server_thread() Source: recv() from pj_sock_recv() In pjlib/src/pj/sock_bsd.c:725
SCA
Package: .src.pjmedia
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/conference.c:981
Sink: Assignment to src_port->listener_slots[] Enclosing Method: pjmedia_conf_connect_port() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/conference.c:1652
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/conference.c:1658
Sink: Assignment to buf[] Enclosing Method: write_port() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/conference.c:1928
Sink: Assignment to p_in[] Enclosing Method: get_frame() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/conference.c:1975
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/conference.c:2002
Sink: Assignment to mix_buf[] Enclosing Method: get_frame() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:352
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:353
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:380
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:436
Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:565
Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:568
Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:583
Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:587
Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/src/pjmedia/echo_suppress.c:588
Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjmedia/src/pjmedia/echo_suppress.c:656
Sink: Assignment to frm[] Enclosing Method: amplify_frame() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/echo_webrtc.c:352
Sink: Assignment to rec_frm[] Enclosing Method: webrtc_aec_cancel_echo() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/g711.c:470
Sink: Assignment to frames[].type Enclosing Method: g711_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/g711.c:471
Sink: Assignment to frames[].buf Enclosing Method: g711_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/g711.c:472
Sink: Assignment to frames[].size Enclosing Method: g711_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/g711.c:473
Sink: Assignment to frames[].timestamp.u64 Enclosing Method: g711_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/stream.c:2949
Sink: Assignment to stream->tx_dtmf_buf[].event Enclosing Method: pjmedia_stream_dial_dtmf() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjmedia/src/pjmedia/stream.c:2950
Sink: Assignment to stream->tx_dtmf_buf[].duration Enclosing Method: pjmedia_stream_dial_dtmf() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjmedia/src/pjmedia/stream.c:2951
Sink: Assignment to stream->tx_dtmf_buf[].ebit_cnt Enclosing Method: pjmedia_stream_dial_dtmf() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjmedia/src/pjmedia/wav_playlist.c:155
Sink: Assignment to fport->fpos_list[] Enclosing Method: file_fill_buffer() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/wav_playlist.c:159
Sink: Assignment to fport->data_left_list[] Enclosing Method: file_fill_buffer() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia/wsola.c:304
Sink: Assignment to w[] Enclosing Method: create_win() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
Package: .src.pjmedia-codec
Location | Analysis Info | Analyzer
pjmedia/src/pjmedia-codec/g722.c:528
Sink: Assignment to frames[].type Enclosing Method: g722_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/g722.c:529
Sink: Assignment to frames[].buf Enclosing Method: g722_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/g722.c:530
Sink: Assignment to frames[].size Enclosing Method: g722_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/g722.c:531
Sink: Assignment to frames[].timestamp.u64 Enclosing Method: g722_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/gsm.c:508
Sink: Assignment to frames[].type Enclosing Method: gsm_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/gsm.c:509
Sink: Assignment to frames[].buf Enclosing Method: gsm_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/gsm.c:510
Sink: Assignment to frames[].size Enclosing Method: gsm_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/gsm.c:511
Sink: Assignment to frames[].timestamp.u64 Enclosing Method: gsm_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/ilbc.c:595
Sink: Assignment to frames[].type Enclosing Method: ilbc_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/ilbc.c:596
Sink: Assignment to frames[].buf Enclosing Method: ilbc_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/ilbc.c:597
Sink: Assignment to frames[].size Enclosing Method: ilbc_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/ilbc.c:598
Sink: Assignment to frames[].timestamp.u64 Enclosing Method: ilbc_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/l16.c:598
Sink: Assignment to frames[].type Enclosing Method: l16_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/l16.c:599
Sink: Assignment to frames[].buf Enclosing Method: l16_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/l16.c:600
Sink: Assignment to frames[].size Enclosing Method: l16_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/src/pjmedia-codec/l16.c:601
Sink: Assignment to frames[].timestamp.u64 Enclosing Method: l16_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
Package: .src.pjnath
Location | Analysis Info | Analyzer
pjnath/src/pjnath/ice_strans.c:703
Sink: Assignment to ice_st->comp[] Enclosing Method: create_comp() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjnath/src/pjnath/ice_strans.c:703
Sink: Assignment to ice_st->comp[] Enclosing Method: create_comp() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjnath/src/pjnath/ice_strans.c:703
Sink: Assignment to ice_st->comp[] Enclosing Method: create_comp() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjnath/src/pjnath/ice_strans.c:703
Sink: Assignment to ice_st->comp[] Enclosing Method: create_comp() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjnath/src/pjnath/ice_strans.c:703
Sink: Assignment to ice_st->comp[] Enclosing Method: create_comp() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjnath/src/pjnath/ice_strans.c:703
Sink: Assignment to ice_st->comp[] Enclosing Method: create_comp() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjnath/src/pjnath/ice_strans.c:703
Sink: Assignment to ice_st->comp[] Enclosing Method: create_comp() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjnath/src/pjnath/ice_strans.c:703 | Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjnath/src/pjnath/ice_strans.c:703 | Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjnath/src/pjnath/ice_strans.c:703 | Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjnath/src/pjnath/ice_strans.c:703 | Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjnath/src/pjnath/ice_strans.c:703 | Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjnath/src/pjnath/ice_strans.c:703 | Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjnath/src/pjnath/ice_strans.c:703 | Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjnath/src/pjnath/ice_strans.c:809 | Sink: Assignment to ice_st->cfg.stun_tp[].cfg.grp_lock; Enclosing Method: pj_ice_strans_create(); Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/ice_strans.c:811 | Sink: Assignment to ice_st->cfg.turn_tp[].cfg.grp_lock; Enclosing Method: pj_ice_strans_create(); Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/ice_strans.c:1508 | Sink: Assignment to comp->turn[].log_off; Enclosing Method: pj_ice_strans_sendto(); Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
Package: .src.pjsip
Location | Analysis Info | Analyzer
pjsip/src/pjsip/sip_dialog.c:1133 | Sink: Assignment to tdata->mod_data[]; Enclosing Method: dlg_create_request_throw(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsip/sip_dialog.c:1133 | Sink: Assignment to tdata->mod_data[]; Enclosing Method: dlg_create_request_throw(); Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_dialog.c:1236 | Sink: Assignment to tdata->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsip/sip_dialog.c:1236 | Sink: Assignment to tdata->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/pjsip/sip_dialog.c:1236 | Sink: Assignment to tdata->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_dialog.c:1278 | Sink: Assignment to tsx->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsip/sip_dialog.c:1278 | Sink: Assignment to tsx->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_dialog.c:1278 | Sink: Assignment to tsx->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/pjsip/sip_dialog.c:1421 | Sink: Assignment to tdata->mod_data[]; Enclosing Method: pjsip_dlg_create_response(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsip/sip_dialog.c:2082 | Sink: Assignment to tsx->mod_data[]; Enclosing Method: pjsip_dlg_on_tsx_state(); Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_parser.c:1802 | Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_uri.c:288 | Sink: Assignment to buf[]; Enclosing Method: pjsip_url_print(); Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_uri.c:288 | Sink: Assignment to buf[]; Enclosing Method: pjsip_url_print(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsip/sip_uri.c:342 | Sink: Assignment to buf[]; Enclosing Method: pjsip_url_print(); Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_uri.c:342 | Sink: Assignment to buf[]; Enclosing Method: pjsip_url_print(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
Package: .src.pjsip-simple
Location | Analysis Info | Analyzer
pjsip/src/pjsip-simple/presence.c:421 | Sink: Assignment to pres->status.info[].basic_open; Enclosing Method: pjsip_pres_set_status(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsip-simple/presence.c:437 | Sink: Assignment to pres->status.info[].rpid.activity; Enclosing Method: pjsip_pres_set_status(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
Package: .src.pjsua
Location | Analysis Info | Analyzer
pjsip-apps/src/pjsua/pjsua_app_config.c:312 | Sink: Assignment to argv[]; Enclosing Method: read_config_file(); Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:323 | Sink: Assignment to argv[]; Enclosing Method: read_config_file(); Source: main(0) from main() In pjmedia/src/test/main.c:50 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:323 | Sink: Assignment to argv[]; Enclosing Method: read_config_file(); Source: main(0) from main() In pjsip-apps/src/pjsua/main.c:127 | SCA
Package: .src.pjsua-lib
Location | Analysis Info | Analyzer
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsua-lib/pjsua_acc.c:1220 | Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsua-lib/pjsua_aud.c:781 | Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsua-lib/pjsua_pres.c:375 | Sink: Assignment to pjsua_var.buddy[].pool; Enclosing Method: reset_buddy(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsua-lib/pjsua_pres.c:376 | Sink: Assignment to pjsua_var.buddy[].index; Enclosing Method: reset_buddy(); Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
Package: .src.samples
Location | Analysis Info | Analyzer
pjsip-apps/src/samples/pjsip-perf.c:1109 | Sink: Assignment to url[]; Enclosing Method: verify_sip_url(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1729 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/samples/pjsip-perf.c:1845 | Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/samples/playsine.c:161 | Sink: Assignment to sine->samples[]; Enclosing Method: create_sine_port(); Source: main(1) from main() In pjsip-apps/src/samples/playsine.c:187 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/samples/siprtp.c:379 | Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
Package: .src.test
Location | Analysis Info | Analyzer
pjsip/src/test/transport_test.c:412 | Sink: Assignment to rt_test_data[].sent_request_count; Enclosing Method: rt_send_request(); Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/test/transport_test.c:419 | Sink: Assignment to rt_test_data[].timeout_timer.user_data; Enclosing Method: rt_send_request(); Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/test/transport_test.c:449
Sink: Assignment to rt_test_data[].tx_timer.user_data Enclosing Method: rt_on_rx_response() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjsip/src/test/transport_test.c:449
Sink: Assignment to rt_test_data[].tx_timer.user_data Enclosing Method: rt_on_rx_response() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/test/transport_test.c:449
Sink: Assignment to rt_test_data[].tx_timer.user_data Enclosing Method: rt_on_rx_response() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjsip/src/test/transport_test.c:449
Sink: Assignment to rt_test_data[].tx_timer.user_data Enclosing Method: rt_on_rx_response() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/test/transport_test.c:449
Sink: Assignment to rt_test_data[].tx_timer.user_data Enclosing Method: rt_on_rx_response() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/test/transport_test.c:468
Sink: Assignment to rt_test_data[].timeout_timer.user_data Enclosing Method: rt_timeout_timer() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip/src/test/transport_test.c:472
Sink: Assignment to rt_test_data[].tx_timer.user_data Enclosing Method: rt_timeout_timer() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjsip/src/test/transport_test.c:487
Sink: Assignment to rt_test_data[].tx_timer.user_data Enclosing Method: rt_tx_timer() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
Package: pjlib.include.pj Location
Analysis Info
Analyzer
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: fgets() from ui_input_url() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:96
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/httpdemo.c:150
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/simple_pjsua.c:109
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/include/pj/string_i.h:57
Sink: Assignment to dst->ptr[] Enclosing Method: pj_strdup_with_null() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
Package: pjmedia.include.pjmedia Location
Analysis Info
Analyzer
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjmedia/include/pjmedia/stereo.h:141
Sink: Assignment to multi[] Enclosing Method: pjmedia_convert_channel_1ton() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
Package: third_party.speex.libspeex Location
Analysis Info
Analyzer
third_party/speex/libspeex/bits.c:139
Sink: Assignment to bits->chars[] Enclosing Method: speex_bits_read_from() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/filterbank.c:99
Sink: Assignment to bank->bank_left[] Enclosing Method: filterbank_new() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/filterbank.c:100
Sink: Assignment to bank->filter_left[] Enclosing Method: filterbank_new() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/filterbank.c:101
Sink: Assignment to bank->bank_right[] Enclosing Method: filterbank_new() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/filterbank.c:102
Sink: Assignment to bank->filter_right[] Enclosing Method: filterbank_new() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:449
Sink: Assignment to st->window[] Enclosing Method: speex_echo_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:452
Sink: Assignment to st->power_1[] Enclosing Method: speex_echo_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
third_party/speex/libspeex/mdf.c:454
Sink: Assignment to st->W[] Enclosing Method: speex_echo_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
third_party/speex/libspeex/mdf.c:463
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
third_party/speex/libspeex/mdf.c:468
Sink: Assignment to st->prop[] Enclosing Method: speex_echo_state_init() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
third_party/speex/libspeex/mdf.c:600
Sink: Assignment to st->play_buf[] Enclosing Method: speex_echo_capture() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:693
Sink: Assignment to st->x[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:712
Sink: Assignment to st->input[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:728
Sink: Assignment to st->x[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:736
Sink: Assignment to st->e[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:783
Sink: Assignment to st->wtmp[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:797
Sink: Assignment to st->e[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:802
Sink: Assignment to st->e[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:844
Sink: Assignment to st->e[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:861
Sink: Assignment to st->y[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:863
Sink: Assignment to st->e[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:893
Sink: Assignment to out[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:904
Sink: Assignment to st->e[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:905
Sink: Assignment to st->e[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:925
Sink: Assignment to out[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:947
Sink: Assignment to st->y[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:957
Sink: Assignment to st->power[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:986
Sink: Assignment to st->Eh[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:987
Sink: Assignment to st->Yh[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:1068
Sink: Assignment to st->power_1[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:1087
Sink: Assignment to st->power_1[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:1099
Sink: Assignment to st->last_y[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/mdf.c:1101
Sink: Assignment to st->last_y[] Enclosing Method: speex_echo_cancellation() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:284
Sink: Assignment to w[] Enclosing Method: conj_window() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:475
Sink: Assignment to st->window[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:481
Sink: Assignment to st->window[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:482
Sink: Assignment to st->window[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:487
Sink: Assignment to st->noise[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:488
Sink: Assignment to st->reverb_estimate[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:489
Sink: Assignment to st->old_ps[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:490
Sink: Assignment to st->gain[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:491
Sink: Assignment to st->post[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:492
Sink: Assignment to st->prior[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:496
Sink: Assignment to st->update_prob[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:499
Sink: Assignment to st->inbuf[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:500
Sink: Assignment to st->outbuf[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:510
Sink: Assignment to st->loudness_weight[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:512
Sink: Assignment to st->loudness_weight[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
third_party/speex/libspeex/preprocess.c:513
Sink: Assignment to st->loudness_weight[] Enclosing Method: speex_preprocess_state_init() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
Package: third_party.srtp.crypto.replay Location
Analysis Info
Analyzer
third_party/srtp/crypto/replay/rdbx.c:298
Sink: Assignment to rdbx->bitmask.word[] Enclosing Method: srtp_rdbx_add_index() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
Risky Resource Management - CWE ID 131 Incorrect Calculation of Buffer Size. CWE-131 states: "The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow". Buffer Overflow: Off-by-One
Critical
Package: .src.pjlib-util-test Location
Analysis Info
Analyzer
pjlib-util/src/pjlib-util-test/encryption.c:602
Sink: Assignment to output Enclosing Method: base64_test() Source:
SCA
pjlib-util/src/pjlib-util-test/encryption.c:619
Sink: Assignment to output Enclosing Method: base64_test() Source:
SCA
Package: .src.pjmedia Location
Analysis Info
Analyzer
pjmedia/src/pjmedia/transport_srtp.c:897
Sink: Assignment to b64 Enclosing Method: pjmedia_transport_srtp_start() Source:
SCA
pjmedia/src/pjmedia/transport_srtp.c:914
Sink: Assignment to b64 Enclosing Method: pjmedia_transport_srtp_start() Source:
SCA
Package: third_party.srtp.crypto.math Location
Analysis Info
Analyzer
third_party/srtp/crypto/math/datatypes.c:130
Sink: Assignment to bit_string Enclosing Method: srtp_octet_string_hex_string() Source:
SCA
Out-of-Bounds Read
Low
Package: .src.pj Location
Analysis Info
Analyzer
pjlib/src/pj/activesock.c:386
Sink: Read Enclosing Method: pj_activesock_start_read2() Source:
SCA
pjlib/src/pj/ssl_sock_ossl.c:2949
Sink: Read Enclosing Method: pj_ssl_sock_start_read2() Source:
SCA
Package: .src.samples Location pjsip-apps/src/samples/siprt p.c:395
Analysis Info Sink: Read Enclosing Method: destroy_sip() Source:
Analyzer SCA
Package: third_party.speex.libspeex Location third_party/speex/libspeex/s peex_header.c:97
Analysis Info Sink: Read Enclosing Method: speex_init_header() Source:
Analyzer SCA
Package: third_party.speex.libspeex Location third_party/speex/libspeex/speex_header.c:98
Analysis Info Sink: Read Enclosing Method: speex_init_header() Source:
Analyzer SCA
Risky Resource Management - CWE ID 134 Uncontrolled Format String. CWE-134 states: "The software uses externally-controlled format strings in printf-style functions, which can lead to buffer overflows or data representation problems". Buffer Overflow: Format String
Critical
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2054
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2125
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2131
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2182
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/pjsua/main.c:127
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjmedia/src/test/main.c:50
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:2183
Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
Package: .src.samples Location pjsip-apps/src/samples/confsample.c:496
Analysis Info Sink: sprintf() Enclosing Method: conf_list() Source: fgets() from input() In pjsip-apps/src/samples/confsample.c:108
Analyzer SCA
Package: .src.test Location
Analysis Info
Analyzer
pjsip/src/test/inv_offer_answer_test.c:486
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjsip/src/test/inv_offer_answer_test.c:486
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjsip/src/test/inv_offer_answer_test.c:486
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/test/inv_offer_answer_test.c:486
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/test/inv_offer_answer_test.c:486
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/test/inv_offer_answer_test.c:487
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707
SCA
pjsip/src/test/inv_offer_answer_test.c:487
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjsip/src/test/inv_offer_answer_test.c:487
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjsip/src/test/inv_offer_answer_test.c:487
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjsip/src/test/inv_offer_answer_test.c:487
Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
pjsip/src/test/test.c:192
Sink: sprintf() Enclosing Method: report_sval() Source: main(1) from main() In pjsip/src/test/main.c:36
SCA
Buffer Overflow: Format String
High
Package: .src.pj Location pjlib/src/pj/os_info.c:331
Analysis Info Sink: snprintf() Enclosing Method: pj_get_sys_info() Source:
Analyzer SCA
Package: .src.pjmedia Location pjmedia/src/pjmedia/stream_common.c:43
Analysis Info Sink: sprintf() Enclosing Method: pjmedia_stream_info_parse_fmtp() Source:
Analyzer SCA
Package: .src.pjmedia-codec Location
Analysis Info
Analyzer
pjmedia/src/pjmedia-codec/amr_sdp_match.c:81
Sink: snprintf() Enclosing Method: amr_toggle_octet_align() Source:
SCA
pjmedia/src/pjmedia-codec/amr_sdp_match.c:93
Sink: snprintf() Enclosing Method: amr_toggle_octet_align() Source:
SCA
Package: .src.pjnath-test Location pjnath/src/pjnath-test/ice_test.c:1122
Analysis Info Sink: sprintf() Enclosing Method: ice_test() Source:
Analyzer SCA
Package: .src.pjsua Location
Analysis Info
Analyzer
pjsip-apps/src/pjsua/pjsua_app_cli.c:867
Sink: snprintf() Enclosing Method: cmd_show_account() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:889
Sink: snprintf() Enclosing Method: cmd_show_account() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1456
Sink: sprintf() Enclosing Method: default_config() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1554
Sink: sprintf() Enclosing Method: write_account_settings() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1562
Sink: sprintf() Enclosing Method: write_account_settings() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1574
Sink: sprintf() Enclosing Method: write_account_settings() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1582
Sink: sprintf() Enclosing Method: write_account_settings() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1590
Sink: sprintf() Enclosing Method: write_account_settings() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1627
Sink: sprintf() Enclosing Method: write_account_settings() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:186
Sink: snprintf() Enclosing Method: print_acc_status() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1567
Sink: sscanf() Enclosing Method: ui_conf_connect() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1567
Sink: sscanf() Enclosing Method: ui_conf_connect() Source:
SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1567
Sink: sscanf() Enclosing Method: ui_conf_connect() Source:
SCA
Package: .src.pjsua-lib Location
Analysis Info
Analyzer
pjsip/src/pjsua-lib/pjsua_call.c:3047
Sink: snprintf() Enclosing Method: pjsua_call_xfer_replaces() Source:
SCA
pjsip/src/pjsua-lib/pjsua_dump.c:55
Sink: sprintf() Enclosing Method: dump_media_stat() Source:
SCA
pjsip/src/pjsua-lib/pjsua_im.c:231
Sink: snprintf() Enclosing Method: pjsua_im_process_pager() Source:
SCA
Package: .src.pjsua2 Location pjsip/src/pjsua2/json.cpp:320
Analysis Info Sink: snprintf() Enclosing Method: json_verify() Source:
Analyzer SCA
Package: .src.pjsystest Location
Analysis Info
Analyzer
pjsip-apps/src/pjsystest/main_console.c:69
Sink: sprintf() Enclosing Method: print_menu() Source:
SCA
pjsip-apps/src/pjsystest/main_console.c:89
Sink: sprintf() Enclosing Method: gui_start() Source:
SCA
Package: .src.samples Location
Analysis Info
Analyzer
pjsip-apps/src/samples/pjsip-perf.c:1702
Sink: sprintf() Enclosing Method: main() Source:
SCA
pjsip-apps/src/samples/pjsip-perf.c:1706
Sink: sprintf() Enclosing Method: main() Source:
SCA
pjsip-apps/src/samples/siprtp.c:1545
Sink: sprintf() Enclosing Method: good_number() Source:
SCA
pjsip-apps/src/samples/siprtp.c:1549
Sink: sprintf() Enclosing Method: good_number() Source:
SCA
pjsip-apps/src/samples/streamutil.c:865
Sink: sprintf() Enclosing Method: good_number() Source:
SCA
pjsip-apps/src/samples/streamutil.c:869
Sink: sprintf() Enclosing Method: good_number() Source:
SCA
Package: .src.test Location
Analysis Info
Analyzer
pjmedia/src/test/jbuf_test.c:59
Sink: sscanf() Enclosing Method: parse_test_headers() Source:
SCA
pjmedia/src/test/jbuf_test.c:68
Sink: sscanf() Enclosing Method: parse_test_headers() Source:
SCA
pjsip/src/test/test.c:113
Sink: sprintf() Enclosing Method: init_report() Source:
SCA
pjsip/src/test/test.c:125
Sink: sprintf() Enclosing Method: init_report() Source:
SCA
pjsip/src/test/test.c:188
Sink: sprintf() Enclosing Method: report_sval() Source:
SCA
pjsip/src/test/test.c:202
Sink: sprintf() Enclosing Method: report_ival() Source:
SCA
pjsip/src/test/transport_tcp_test.c:60
Sink: sprintf() Enclosing Method: transport_tcp_test() Source:
SCA
pjsip/src/test/tsx_basic_test.c:143
Sink: sprintf() Enclosing Method: tsx_basic_test() Source:
SCA
pjsip/src/test/tsx_basic_test.c:145
Sink: sprintf() Enclosing Method: tsx_basic_test() Source:
SCA
pjsip/src/test/tsx_uac_test.c:1357
Sink: sprintf() Enclosing Method: tsx_uac_test() Source:
SCA
pjsip/src/test/tsx_uac_test.c:1359
Sink: sprintf() Enclosing Method: tsx_uac_test() Source:
SCA
pjsip/src/test/tsx_uas_test.c:1565
Sink: sprintf() Enclosing Method: tsx_uas_test() Source:
SCA
pjsip/src/test/tsx_uas_test.c:1567
Sink: sprintf() Enclosing Method: tsx_uas_test() Source:
SCA
pjsip/src/test/txdata_test.c:442
Sink: snprintf() Enclosing Method: txdata_test_uri_params() Source:
SCA
Format String
High
Package: .src.pj Location
Analysis Info
Analyzer
pjlib/src/pj/log.c:442
Sink: vsnprintf() Enclosing Method: pj_log() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjlib/src/pj/os_core_unix.c:1184
Sink: snprintf() Enclosing Method: init_mutex() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
SCA
Package: .src.pjnath Location pjnath/src/pjnath/ice_session.c:364
Analysis Info Sink: snprintf() Enclosing Method: pj_ice_sess_create() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
Analyzer SCA
Format String
Low
Package: .src.pj Location
Analysis Info
Analyzer
pjlib/src/pj/errno.c:236
Sink: vsnprintf(2) Enclosing Method: pj_perror_imp() Source:
SCA
pjlib/src/pj/os_core_unix.c:461
Sink: snprintf(2) Enclosing Method: pj_thread_register() Source:
SCA
pjlib/src/pj/os_core_unix.c:581
Sink: snprintf(2) Enclosing Method: pj_thread_create() Source:
SCA
pjlib/src/pj/os_core_unix.c:1597
Sink: snprintf(2) Enclosing Method: pj_sem_create() Source:
SCA
pjlib/src/pj/pool.c:167
Sink: snprintf(2) Enclosing Method: pj_pool_init_int() Source:
SCA
Package: .src.pjlib-util Location pjlib-util/src/pjlib-util/http_client.c:1509
Analysis Info Sink: vsnprintf(2) Enclosing Method: str_snprintf() Source:
Analyzer SCA
Package: .src.pjmedia Location pjmedia/src/pjmedia/silencedet.c:125
Analysis Info Sink: snprintf(2) Enclosing Method: pjmedia_silence_det_set_name() Source:
Analyzer SCA
Package: .src.pjturn-srv Location
Analysis Info
Analyzer
pjnath/src/pjturn-srv/main.c:133
Sink: err(1) Enclosing Method: main() Source:
SCA
pjnath/src/pjturn-srv/main.c:144
Sink: err(1) Enclosing Method: main() Source:
SCA
pjnath/src/pjturn-srv/main.c:149
Sink: err(1) Enclosing Method: main() Source:
SCA
pjnath/src/pjturn-srv/main.c:155
Sink: err(1) Enclosing Method: main() Source:
SCA
Package: .src.samples Location
Analysis Info
Analyzer
pjsip-apps/src/samples/encdec.c:128
Sink: err(1) Enclosing Method: enc_dec_test() Source:
SCA
pjsip-apps/src/samples/encdec.c:133
Sink: err(1) Enclosing Method: enc_dec_test() Source:
SCA
pjsip-apps/src/samples/encdec.c:173
Sink: err(1) Enclosing Method: enc_dec_test() Source:
SCA
pjsip-apps/src/samples/encdec.c:201
Sink: err(1) Enclosing Method: enc_dec_test() Source:
SCA
pjsip-apps/src/samples/encdec.c:206
Sink: err(1) Enclosing Method: enc_dec_test() Source:
SCA
pjsip-apps/src/samples/encdec.c:240
Sink: err(1) Enclosing Method: main() Source:
SCA
pjsip-apps/src/samples/encdec.c:244
Sink: err(1) Enclosing Method: main() Source:
SCA
pjsip-apps/src/samples/encdec.c:247
Sink: err(1) Enclosing Method: main() Source:
SCA
Risky Resource Management - CWE ID 190 Integer Overflow or Wraparound. CWE-190 states: "The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control". Integer Overflow
High
Package: .src.pj Location
Analysis Info
Analyzer
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/siprtp.c:2072
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/icedemo.c:1193
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/sipecho.c:566
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/jbsim.c:1090
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjnath/src/pjturn-client/client_main.c:556
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/streamutil.c:367
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/pcaputil.c:426
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/sipstateless.c:90
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/confsample.c:127
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/mix.c:80
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/aectest.c:90
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/stereotest.c:73
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731
SCA
pjlib/src/pj/pool_policy_malloc.c:46
Sink: malloc() Enclosing Method: default_block_alloc() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270
SCA
Integer Overflow
Low
Package: .src.pj Location pjlib/src/pj/pool_policy_malloc.c:46
Analysis Info Sink: malloc() Enclosing Method: default_block_alloc() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466
Analyzer SCA
Porous Defenses - CWE ID 250 Execution with Unnecessary Privileges. CWE-250 states: "The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses". No Issues
Porous Defenses - CWE ID 306 Missing Authentication for Critical Function. CWE-306 states: "The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources". No Issues
Porous Defenses - CWE ID 307 Improper Restriction of Excessive Authentication Attempts. CWE-307 states: "The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks". No Issues
Porous Defenses - CWE ID 311 Missing Encryption of Sensitive Data. CWE-311 states: "The software does not encrypt sensitive or critical information before storage or transmission". No Issues
Porous Defenses - CWE ID 327 Use of a Broken or Risky Cryptographic Algorithm. CWE-327 states: "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information". No Issues
Insecure Interaction - CWE ID 352 Cross-Site Request Forgery (CSRF). CWE-352 states: "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request". No Issues
Insecure Interaction - CWE ID 434 Unrestricted Upload of File with Dangerous Type. CWE-434 states: "The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment". No Issues
Risky Resource Management - CWE ID 494 Download of Code Without Integrity Check. CWE-494 states: "The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code". No Issues
Insecure Interaction - CWE ID 601 URL Redirection to Untrusted Site ('Open Redirect'). CWE-601 states: "A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks". No Issues
Risky Resource Management - CWE ID 676 Use of Potentially Dangerous Function. CWE-676 states: "The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely".
Dangerous Function: strcpy()
Low
Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/addr_resolv_sock.c:201 | Sink: strcpy() Enclosing Method: pj_getaddrinfo() Source: | SCA
pjlib/src/pj/errno.c:238 | Sink: strcpy() Enclosing Method: pj_perror_imp() Source: | SCA
pjlib/src/pj/log.c:349 | Sink: strcpy() Enclosing Method: pj_log() Source: | SCA
pjlib/src/pj/log.c:355 | Sink: strcpy() Enclosing Method: pj_log() Source: | SCA
pjlib/src/pj/os_core_unix.c:1888 | Sink: strcpy() Enclosing Method: pj_term_set_color() Source: | SCA
pjlib/src/pj/os_core_unix.c:1926 | Sink: strcpy() Enclosing Method: pj_term_set_color() Source: | SCA
Package: .src.pjlib-test
Location | Analysis Info | Analyzer
pjlib/src/pjlib-test/ioq_udp.c:450 | Sink: strcpy() Enclosing Method: unregister_test() Source: | SCA
pjlib/src/pjlib-test/sock.c:517 | Sink: strcpy() Enclosing Method: send_recv_test() Source: | SCA
pjlib/src/pjlib-test/sock.c:518 | Sink: strcpy() Enclosing Method: send_recv_test() Source: | SCA
Package: .src.pjlib-util
Location | Analysis Info | Analyzer
pjlib-util/src/pjlib-util/pcap.c:125 | Sink: strcpy() Enclosing Method: pj_pcap_open() Source: | SCA
pjlib-util/src/pjlib-util/srv_resolver.c:455 | Sink: strcpy() Enclosing Method: build_server_entries() Source: | SCA
Package: .src.pjmedia
Location | Analysis Info | Analyzer
pjmedia/src/pjmedia/transport_ice.c:258 | Sink: strcpy() Enclosing Method: pjmedia_ice_create3() Source: | SCA
Package: .src.pjnath
Location | Analysis Info | Analyzer
pjnath/src/pjnath/ice_session.c:764 | Sink: strcpy() Enclosing Method: pj_ice_sess_add_cand() Source: | SCA
Package: .src.pjsip
Location | Analysis Info | Analyzer
pjsip/src/pjsip/sip_dialog.c:374 | Sink: strcpy() Enclosing Method: create_uas_dialog() Source: | SCA
pjsip/src/pjsip/sip_dialog.c:425 | Sink: strcpy() Enclosing Method: create_uas_dialog() Source: | SCA
pjsip/src/pjsip/sip_endpoint.c:1236 | Sink: strcpy() Enclosing Method: pjsip_endpt_log_error() Source: | SCA
pjsip/src/pjsip/sip_transport.c:283 | Sink: strcpy() Enclosing Method: pjsip_transport_register_type() Source: | SCA
pjsip/src/pjsip/sip_transport.c:656 | Sink: strcpy() Enclosing Method: pjsip_rx_data_get_info() Source: | SCA
pjsip/src/pjsip/sip_transport_loop.c:99 | Sink: strcpy() Enclosing Method: create_incoming_packet() Source: | SCA
pjsip/src/pjsip/sip_transport_loop.c:101 | Sink: strcpy() Enclosing Method: create_incoming_packet() Source: | SCA
pjsip/src/pjsip/sip_transport_tcp.c:396 | Sink: strcpy() Enclosing Method: pjsip_tcp_transport_start3() Source: | SCA
pjsip/src/pjsip/sip_transport_tls.c:557 | Sink: strcpy() Enclosing Method: pjsip_tls_transport_start2() Source: | SCA
pjsip/src/pjsip/sip_ua_layer.c:932 | Sink: strcpy() Enclosing Method: print_dialog() Source: | SCA
pjsip/src/pjsip/sip_ua_layer.c:942 | Sink: strcpy() Enclosing Method: print_dialog() Source: | SCA
Package: .src.pjsip-ua
Location | Analysis Info | Analyzer
pjsip/src/pjsip-ua/sip_inv.c:2836 | Sink: strcpy() Enclosing Method: pjsip_inv_process_redirect() Source: | SCA
Package: .src.pjsua
Location | Analysis Info | Analyzer
pjsip-apps/src/pjsua/pjsua_app.c:638 | Sink: strcpy() Enclosing Method: call_on_redirected() Source: | SCA
Package: .src.pjsua-lib
Location | Analysis Info | Analyzer
pjsip/src/pjsua-lib/pjsua_core.c:2381 | Sink: strcpy() Enclosing Method: pjsua_transport_create() Source: | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:51 | Sink: strcpy() Enclosing Method: dump_media_stat() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:138 | Sink: strcpy() Enclosing Method: dump_media_stat() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:424 | Sink: strcpy() Enclosing Method: dump_media_session() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:428 | Sink: strcpy() Enclosing Method: dump_media_session() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:899 | Sink: strcpy() Enclosing Method: print_call() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:909 | Sink: strcpy() Enclosing Method: print_call() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:948 | Sink: strcpy() Enclosing Method: pjsua_call_dump() Source: | SCA
pjsip/src/pjsua-lib/pjsua_pres.c:951 | Sink: strcpy() Enclosing Method: pres_on_rx_request() Source: | SCA
Package: .src.pjsystest
Location | Analysis Info | Analyzer
pjsip-apps/src/pjsystest/systest.c:137 | Sink: strcpy() Enclosing Method: systest_perror() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:155 | Sink: strcpy() Enclosing Method: systest_alloc_test_item() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:264 | Sink: strcpy() Enclosing Method: systest_play_tone() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:346 | Sink: strcpy() Enclosing Method: systest_play_wav() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:465 | Sink: strcpy() Enclosing Method: systest_rec_audio() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:552 | Sink: strcpy() Enclosing Method: systest_audio_test() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:894 | Sink: strcpy() Enclosing Method: systest_latency_test() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:1051 | Sink: strcpy() Enclosing Method: systest_aec_test() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:1088 | Sink: strcpy() Enclosing Method: systest_list_audio_devs() Source: | SCA
Package: .src.pjturn-client
Location | Analysis Info | Analyzer
pjnath/src/pjturn-client/client_main.c:410 | Sink: strcpy() Enclosing Method: menu() Source: | SCA
pjnath/src/pjturn-client/client_main.c:414 | Sink: strcpy() Enclosing Method: menu() Source: | SCA
pjnath/src/pjturn-client/client_main.c:416 | Sink: strcpy() Enclosing Method: menu() Source: | SCA
pjnath/src/pjturn-client/client_main.c:417 | Sink: strcpy() Enclosing Method: menu() Source: | SCA
pjnath/src/pjturn-client/client_main.c:476 | Sink: strcpy() Enclosing Method: console_main() Source: | SCA
Package: .src.pjturn-srv
Location | Analysis Info | Analyzer
pjnath/src/pjturn-srv/allocation.c:330 | Sink: strcpy() Enclosing Method: pj_turn_allocation_create() Source: | SCA
pjnath/src/pjturn-srv/auth.c:53 | Sink: strcpy() Enclosing Method: pj_turn_auth_init() Source: | SCA
pjnath/src/pjturn-srv/listener_tcp.c:102 | Sink: strcpy() Enclosing Method: pj_turn_listener_create_tcp() Source: | SCA
pjnath/src/pjturn-srv/listener_udp.c:106 | Sink: strcpy() Enclosing Method: pj_turn_listener_create_udp() Source: | SCA
Package: .src.samples
Location | Analysis Info | Analyzer
pjsip-apps/src/samples/icedemo.c:782 | Sink: strcpy() Enclosing Method: icedemo_input_remote() Source: | SCA
pjsip-apps/src/samples/icedemo.c:789 | Sink: strcpy() Enclosing Method: icedemo_input_remote() Source: | SCA
pjsip-apps/src/samples/icedemo.c:791 | Sink: strcpy() Enclosing Method: icedemo_input_remote() Source: | SCA
pjsip-apps/src/samples/jbsim.c:224 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:225 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:226 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:227 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:234 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:235 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/pjsip-perf.c:1108 | Sink: strcpy() Enclosing Method: verify_sip_url() Source: | SCA
pjsip-apps/src/samples/pjsip-perf.c:1700 | Sink: strcpy() Enclosing Method: main() Source: | SCA
pjsip-apps/src/samples/streamutil.c:933 | Sink: strcpy() Enclosing Method: print_stream_stat() Source: | SCA
pjsip-apps/src/samples/streamutil.c:978 | Sink: strcpy() Enclosing Method: print_stream_stat() Source: | SCA
Package: .src.test
Location | Analysis Info | Analyzer
pjsip/src/test/transport_test.c:557 | Sink: strcpy() Enclosing Method: transport_rt_test() Source: | SCA
Package: pj
Location | Analysis Info | Analyzer
pjsip/src/pjsua2/endpoint.cpp:1290 | Sink: strcpy() Enclosing Method: on_call_redirected() Source: | SCA
Porous Defenses - CWE ID 732 Incorrect Permission Assignment for Critical Resource. CWE-732 states: "The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors". No Issues
Porous Defenses - CWE ID 759 Use of a One-Way Hash without a Salt. CWE-759 states: "The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input". No Issues
Porous Defenses - CWE ID 798 Use of Hard-coded Credentials. CWE-798 states: "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data".
Password Management: Hardcoded Password
Critical
Package: .src.pjlib-util-test
Location | Analysis Info | Analyzer
pjlib-util/src/pjlib-util-test/http_client.c:270 | Sink: FieldAccess: passwd Enclosing Method: parse_url_test() Source: | SCA
pjlib-util/src/pjlib-util-test/http_client.c:270 | Sink: FieldAccess: passwd Enclosing Method: parse_url_test() Source: | SCA
Porous Defenses - CWE ID 807 Reliance on Untrusted Inputs in a Security Decision. CWE-807 states: "The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism".
Often Misused: Authentication
High
Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/addr_resolv_sock.c:45 | Sink: gethostbyname() Enclosing Method: pj_gethostbyname() Source: | SCA
Risky Resource Management - CWE ID 829 Inclusion of Functionality from Untrusted Control Sphere. CWE-829 states: "The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere". No Issues
Porous Defenses - CWE ID 862 Missing Authorization. CWE-862 states: "The software does not perform an authorization check when an actor attempts to access a resource or perform an action". No Issues
Porous Defenses - CWE ID 863 Incorrect Authorization. CWE-863 states: "The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions". No Issues
Description of Key Terminology

Likelihood and Impact

Likelihood
Likelihood is the probability that a vulnerability will be accurately identified and successfully exploited.

Impact
Impact is the potential damage an attacker could do to assets by successfully exploiting a vulnerability. This damage can be in the form of, but not limited to, financial loss, compliance violation, loss of brand reputation, and negative publicity.

Fortify Priority Order

Critical
Critical-priority issues have high impact and high likelihood. Critical-priority issues are easy to detect and exploit and result in large asset damage. These issues represent the highest security risk to the application. As such, they should be remediated immediately. SQL Injection is an example of a critical issue.

High
High-priority issues have high impact and low likelihood. High-priority issues are often difficult to detect and exploit, but can result in large asset damage. These issues represent a high security risk to the application. High-priority issues should be remediated in the next scheduled patch release. Password Management: Hardcoded Password is an example of a high issue.

Medium
Medium-priority issues have low impact and high likelihood. Medium-priority issues are easy to detect and exploit, but typically result in small asset damage. These issues represent a moderate security risk to the application. Medium-priority issues should be remediated in the next scheduled product update. Path Manipulation is an example of a medium issue.

Low
Low-priority issues have low impact and low likelihood. Low-priority issues can be difficult to detect and exploit and typically result in small asset damage. These issues represent a minor security risk to the application. Low-priority issues should be remediated as time allows. Dead Code is an example of a low issue.
About Fortify Solutions
Fortify is the leader in end-to-end application security solutions with the flexibility of testing on-premise and on-demand to cover the entire software development lifecycle. Learn more at software.microfocus.com/en-us/solutions/applicationsecurity.