
Fortify Audit Workbench

SANS Top 25 2011 Asterisx limpio results

Table of Contents

Executive Summary
Project Description
Issue Breakdown
Issue Details
  Risky Resource Management - CWE ID 022
  Insecure Interaction - CWE ID 078
  Insecure Interaction - CWE ID 079
  Insecure Interaction - CWE ID 089
  Risky Resource Management - CWE ID 120
  Risky Resource Management - CWE ID 131
  Risky Resource Management - CWE ID 134
  Risky Resource Management - CWE ID 190
  Porous Defenses - CWE ID 250
  Porous Defenses - CWE ID 306
  Porous Defenses - CWE ID 307
  Porous Defenses - CWE ID 311
  Porous Defenses - CWE ID 327
  Insecure Interaction - CWE ID 352
  Insecure Interaction - CWE ID 434
  Risky Resource Management - CWE ID 494
  Insecure Interaction - CWE ID 601
  Risky Resource Management - CWE ID 676
  Porous Defenses - CWE ID 732
  Porous Defenses - CWE ID 759
  Porous Defenses - CWE ID 798
  Porous Defenses - CWE ID 807
  Risky Resource Management - CWE ID 829
  Porous Defenses - CWE ID 862
  Porous Defenses - CWE ID 863
Description of Key Terminology
About Fortify Solutions

© Copyright [2008-2018] Micro Focus or one of its affiliates. The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Nov 18, 2020, 1:15 PM © Copyright [2008-2018] Micro Focus or one of its affiliates.


Executive Summary

Project Name: Asterisx limpio results
Project Version:
SCA: Results Present
WebInspect: Results Not Present
WebInspect Agent: Results Not Present
Other: Results Not Present

Issues by Priority (Fortify Priority Order, Impact vs. Likelihood)

  High:     716    Critical:  861
  Low:       95    Medium:      0

SANS Top 25 2011 groups

  Group                        Total   Status
  Insecure Interaction             0   PASS
  Porous Defenses                  3   FAIL
  Risky Resource Management     2722   FAIL

* The detailed sections following the Executive Summary contain specifics.


Project Description

This section provides an overview of the Fortify scan engines used for this project, as well as the project meta-information.


Issue Breakdown

The following table summarizes the number of issues identified across the different SANS Top 25 2011 categories and broken down by Fortify Priority Order.

  Category                                  Critical   High   Medium   Low   Total Issues

  Insecure Interaction
  Insecure Interaction - CWE ID 078                0      0        0     0              0
  Insecure Interaction - CWE ID 079                0      0        0     0              0
  Insecure Interaction - CWE ID 089                0      0        0     0              0
  Insecure Interaction - CWE ID 352                0      0        0     0              0
  Insecure Interaction - CWE ID 434                0      0        0     0              0
  Insecure Interaction - CWE ID 601                0      0        0     0              0

  Risky Resource Management
  Risky Resource Management - CWE ID 022          62     13        0     0             75
  Risky Resource Management - CWE ID 120         414    639        0     0           1053
  Risky Resource Management - CWE ID 131         419    639        0     5           1063
  Risky Resource Management - CWE ID 134         378     47        0    19            444
  Risky Resource Management - CWE ID 190           0     16        0     1             17
  Risky Resource Management - CWE ID 494           0      0        0     0              0
  Risky Resource Management - CWE ID 676           0      0        0    70             70
  Risky Resource Management - CWE ID 829           0      0        0     0              0

  Porous Defenses
  Porous Defenses - CWE ID 250                     0      0        0     0              0
  Porous Defenses - CWE ID 306                     0      0        0     0              0
  Porous Defenses - CWE ID 307                     0      0        0     0              0
  Porous Defenses - CWE ID 311                     0      0        0     0              0
  Porous Defenses - CWE ID 327                     0      0        0     0              0
  Porous Defenses - CWE ID 732                     0      0        0     0              0
  Porous Defenses - CWE ID 759                     0      0        0     0              0
  Porous Defenses - CWE ID 798                     2      0        0     0              2
  Porous Defenses - CWE ID 807                     0      1        0     0              1
  Porous Defenses - CWE ID 862                     0      0        0     0              0
  Porous Defenses - CWE ID 863                     0      0        0     0              0

NOTE: 1. Reported issues in the above table may violate more than one SANS Top 25 2011 category. As such, the same issue may appear in more than one row. The total number of unique vulnerabilities are reported in the Executive Summary table.


Issue Details

Below is an enumeration of all issues found in the project. The issues are organized by SANS Top 25 2011, Fortify Priority Order, and vulnerability category. The issues are then further broken down by the package, namespace, or location in which they occur. Issues reported at the same line number with the same category originate from different taint sources.


Risky Resource Management - CWE ID 022

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). CWE-22 states: "The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory".

Path Manipulation - Critical

Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/latency.c:142 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/encdec.c:229 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/playfile.c:85 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/confsample.c:127 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA


Path Manipulation - Critical, Package: .src.pj (continued)
Location | Analysis Info | Analyzer
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/level.c:74 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/recfile.c:80 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/resampleplay.c:66 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: fgets() from main() In pjsip-apps/src/samples/auddemo.c:438 | SCA


Path Manipulation - Critical (continued)

Package: .src.pjsua
Location | Analysis Info | Analyzer
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA


Path Manipulation - Critical, Package: .src.pjsua (continued)
Location | Analysis Info | Analyzer
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:253 | Sink: fopen() Enclosing Method: read_config_file() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA

Package: .src.samples
Location | Analysis Info | Analyzer
pjsip-apps/src/samples/httpdemo.c:168 | Sink: fopen() Enclosing Method: main() Source: main(1) from main() In pjsip-apps/src/samples/httpdemo.c:150 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA


Path Manipulation - Critical, Package: .src.samples (continued)
Location | Analysis Info | Analyzer
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/samples/icedemo.c:281 | Sink: fopen() Enclosing Method: icedemo_init() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA


Path Manipulation - Critical, Package: .src.samples (continued)
Location | Analysis Info | Analyzer
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/samples/siprtp.c:2046 | Sink: fopen() Enclosing Method: app_logging_init() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

Path Manipulation - High

Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA

Path Manipulation - High, Package: .src.pj (continued)
Location | Analysis Info | Analyzer
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA


Path Manipulation - High, Package: .src.pj (continued)
Location | Analysis Info | Analyzer
pjlib/src/pj/file_io_ansi.c:63 | Sink: fopen() Enclosing Method: pj_file_open() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

Insecure Interaction - CWE ID 078

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). CWE-78 states: "The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component".

No Issues

Insecure Interaction - CWE ID 079

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). CWE-79 states: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users".

No Issues

Insecure Interaction - CWE ID 089

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). CWE-89 states: "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component".

No Issues


Risky Resource Management - CWE ID 120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). CWE-120 states: "The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow".

Buffer Overflow - Critical

Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/errno.c:110 | Sink: snprintf() Enclosing Method: pjlib_error() Source: main(1) from main() In pjsip-apps/src/samples/strerror.c:40 | SCA
pjlib/src/pj/errno.c:110 | Sink: snprintf() Enclosing Method: pjlib_error() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjlib/src/pj/file_io_ansi.c:103 | Sink: fread() Enclosing Method: pj_file_read() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

Package: .src.pjmedia
Location | Analysis Info | Analyzer
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA


Buffer Overflow - Critical, Package: .src.pjmedia (continued)
Location | Analysis Info | Analyzer
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/stream.c:2152 | Sink: snprintf() Enclosing Method: pjmedia_stream_create() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

Package: .src.pjnath
Location | Analysis Info | Analyzer
pjnath/src/pjnath/ice_session.c:764 | Sink: strcpy() Enclosing Method: pj_ice_sess_add_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA


Buffer Overflow - Critical, Package: .src.pjnath (continued)
Location | Analysis Info | Analyzer
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjnath/src/pjnath/ice_session.c:921 | Sink: snprintf() Enclosing Method: dump_check() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjnath/src/pjnath/ice_session.c:922 | Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/ice_session.c:923 | Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/ice_session.c:925 | Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA


Buffer Overflow - Critical, Package: .src.pjnath (continued)
Location | Analysis Info | Analyzer
pjnath/src/pjnath/ice_session.c:926 | Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/ice_session.c:928 | Sink: snprintf() Enclosing Method: dump_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/ice_session.c:2754 | Sink: snprintf() Enclosing Method: handle_incoming_check() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjnath/src/pjnath/stun_msg_dump.c:191 | Sink: snprintf() Enclosing Method: print_attr() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjmedia/src/test/main.c:50 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/pjsua/main.c:127 | SCA


pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjnath/src/pjnath/stun_transaction.c:95 | Sink: snprintf() Enclosing Method: pj_stun_client_tsx_create() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456 | SCA


Package: .src.pjsip

Location | Analysis Info | Analyzer

pjsip/src/pjsip/sip_msg.c:2128 | Sink: sprintf() Enclosing Method: pjsip_warning_hdr_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_msg.c:2128 | Sink: sprintf() Enclosing Method: pjsip_warning_hdr_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_transaction.c:1018 | Sink: snprintf() Enclosing Method: tsx_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_transport.c:436 | Sink: snprintf() Enclosing Method: pjsip_tx_data_create() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA


pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:341 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA


pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:342 | Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA


pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:343 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA


pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip/sip_transport_tcp.c:344 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA


pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip/sip_transport_tls.c:424 | Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA


pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_transport_tls.c:425 | Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA


pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip/sip_transport_tls.c:426 | Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA


pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip/sip_transport_tls.c:427 | Sink: snprintf() Enclosing Method: update_transport_info() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA


Package: .src.pjsip-simple

Location | Analysis Info | Analyzer
pjsip/src/pjsip-simple/evsub.c:794 | Sink: snprintf() Enclosing Method: evsub_create() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA

Package: .src.pjsip-ua

Location | Analysis Info | Analyzer

pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA


pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip-ua/sip_inv.c:896 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA


pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip-ua/sip_inv.c:903 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uac() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA


pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1536 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA


pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsip-ua/sip_inv.c:1543 | Sink: snprintf() Enclosing Method: pjsip_inv_create_uas() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsip-ua/sip_xfer.c:415 | Sink: snprintf() Enclosing Method: pjsip_xfer_notify() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/pjsip-ua/sip_xfer.c:416 | Sink: snprintf() Enclosing Method: pjsip_xfer_notify() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/pjsip-ua/sip_xfer.c:417 | Sink: snprintf() Enclosing Method: pjsip_xfer_notify() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA


Package: .src.pjsua

Location | Analysis Info | Analyzer
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA


pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA


pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:1231 | Sink: strcat() Enclosing Method: cmd_media_list() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjsip-apps/src/pjsua/pjsua_app_cli.c:2670 | Sink: Assignment to argv Enclosing Method: cmd_restart_handler() Source: | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA


pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA


pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA


pjsip-apps/src/pjsua/pjsua_app_legacy.c:1545 | Sink: strcat() Enclosing Method: ui_conf_list() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA

Package: .src.pjsua-lib

Location | Analysis Info | Analyzer
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/pjsua/main.c:127 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/simple_pjsua.c:109 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA


pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: main(1) from main() In pjmedia/src/test/main.c:50 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: fgets() from ui_input_url() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:96 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA


pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip/src/pjsua-lib/pjsua_media.c:2026 | Sink: Assignment to maudidx Enclosing Method: pjsua_media_channel_init() Source: | SCA

Package: .src.samples

Location | Analysis Info | Analyzer
pjsip-apps/src/samples/icedemo.c:533 | Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA


pjsip-apps/src/samples/icedemo.c:533 | Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:533 | Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:533 | Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:533 | Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:533 | Sink: snprintf() Enclosing Method: print_cand() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:572 | Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:572 | Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:572 | Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:572 | Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:599 | Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:599 | Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/icedemo.c:605 | Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA


pjsip-apps/src/samples/icedemo.c:605 | Sink: snprintf() Enclosing Method: encode_session() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA


pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA

pjsip-apps/src/samples/jbsim.c:737 | Sink: sprintf() Enclosing Method: tx_tick() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA


pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA

pjsip-apps/src/samples/pjsip-perf.c:817 | Sink: sprintf() Enclosing Method: init_sip() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA

pjsip-apps/src/samples/pjsip-perf.c:1108 | Sink: strcpy() Enclosing Method: verify_sip_url() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

Package: pjlib.include.pj

Location | Analysis Info | Analyzer

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from main() In pjsip-apps/src/samples/auddemo.c:438 | SCA


pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from ui_input_url() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:96 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: recvfrom() from pj_sock_recvfrom() In pjlib/src/pj/sock_bsd.c:746 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/resampleplay.c:66 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/level.c:74 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/recfile.c:80 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjmedia/src/test/main.c:50 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA


pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/encdec.c:229 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/pjsua/main.c:127 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/latency.c:142 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/httpdemo.c:150 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/playfile.c:85 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA


pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/simple_pjsua.c:109 | SCA

pjlib/include/pj/string.h:786 | Sink: memcpy() Enclosing Method: pj_memcpy() Source: main(1) from main() In pjsip-apps/src/samples/confsample.c:127 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/httpdemo.c:150 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA


pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA

pjlib/include/pj/string.h:800 | Sink: memmove() Enclosing Method: pj_memmove() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

Package: third_party.speex.libspeex

Location | Analysis Info | Analyzer

third_party/speex/libspeex/nb_celp.c:366 | Sink: memcpy() Enclosing Method: nb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

third_party/speex/libspeex/nb_celp.c:399 | Sink: memcpy() Enclosing Method: nb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

third_party/speex/libspeex/nb_celp.c:558 | Sink: memcpy() Enclosing Method: nb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA


third_party/speex/libspeex/nb_celp.c:914 | Sink: memcpy() Enclosing Method: nb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

third_party/speex/libspeex/sb_celp.c:357 | Sink: memcpy() Enclosing Method: sb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

third_party/speex/libspeex/sb_celp.c:358 | Sink: memcpy() Enclosing Method: sb_encode() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

Buffer Overflow

High

Package: .src.pj

Location | Analysis Info | Analyzer

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA


pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA


pjlib/src/pj/log.c:455 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA


pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

pjlib/src/pj/log.c:458 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from console_main() In pjnath/src/pjturn-client/client_main.c:456 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA


pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/simpleua.c:225 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA


pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

pjlib/src/pj/log.c:460 | Sink: Assignment to log_buffer[] Enclosing Method: pj_log() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

pjlib/src/pj/sock_select.c:71 | Sink: Assignment to fdsetp->data[1][0].__fds_bits[] Enclosing Method: PJ_FD_CLR() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA

pjlib/src/pj/timer.c:134 | Sink: Assignment to ht->heap[] Enclosing Method: copy_node() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA

pjlib/src/pj/timer.c:137 | Sink: Assignment to ht->timer_ids[] Enclosing Method: copy_node() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA

pjlib/src/pj/timer.c:162 | Sink: Assignment to ht->timer_ids[] Enclosing Method: push_freelist() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA

Package: .src.pjlib-util

Location | Analysis Info | Analyzer

pjlib-util/src/pjlib-util/cli_console.c:501 | Sink: Assignment to recv_buf[] Enclosing Method: readline_thread() Source: fgets() from readline_thread() In pjlib-util/src/pjlib-util/cli_console.c:472 | SCA


pjlib-util/src/pjlib-util/cl i_console.c:502

Sink: Assignment to recv_buf[] Enclosing Method: readline_thread() Source: fgets() from readline_thread() In pjlibutil/src/pjlib-util/cli_console.c:472

SCA

pjlib-util/src/pjlib-util/cl i_console.c:508

Sink: Assignment to fe->input.buf[] Enclosing Method: readline_thread() Source: fgets() from readline_thread() In pjlibutil/src/pjlib-util/cli_console.c:472

SCA

pjlib-util/src/pjlib-util/dn s.c:234

Sink: Assignment to name->ptr[] Enclosing Method: get_name() Source: recvfrom() from pj_sock_recvfrom() In pj lib/src/pj/sock_bsd.c:746

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/sa mples/icedemo.c:1193

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/sa mples/jbsim.c:1090

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/sa mples/sipecho.c:566

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjnath/src/pjturn -client/client_main.c:556

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/sa mples/siprtp.c:2072

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/sa mples/pjsip-perf.c:1650

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/sa mples/mix.c:80

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/sa mples/stereotest.c:73

SCA

pjlib-util/src/pjlib-util/ge topt.c:226

Sink: Assignment to argv[] Enclosing Method: exchange() Source: main(0) from main() In pjsip-apps/src/sa mples/pcaputil.c:426

SCA
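The cli_console.c:502 and :508 findings above are the shape CWE-120 names: a line that fgets() read into recv_buf[] is assigned into fe->input.buf[], and the reported data flow carries no comparison of the line's length against the destination's size. The C code below is an added example, not pjsip code and not Fortify output. RECV_BUF_SIZE, INPUT_BUF_SIZE and all function names are assumptions; the fgets() step is stood in for by a string reader with the same stop-at-newline, stop-at-n-1 semantics so the example runs offline on constructed input. It shows the unchecked copy beside a bounded copy that rejects an over-long line instead of truncating it.

```c
#include <stdio.h>
#include <string.h>

#define RECV_BUF_SIZE  256   /* assumed: size of the buffer the line is read into  */
#define INPUT_BUF_SIZE  16   /* assumed: smaller buffer the line is then copied to */

/* fgets()-like read from a string (stand-in for fgets() on a console so the
 * example runs offline): copies at most n-1 bytes, stops after a newline,
 * always NUL-terminates.  Returns the number of bytes copied. */
static size_t fgets_from_string(char *recv_buf, size_t n, const char *src)
{
    size_t i = 0;
    while (i + 1 < n && src[i] != '\0') {
        recv_buf[i] = src[i];
        i++;
        if (src[i - 1] == '\n')
            break;
    }
    recv_buf[i] = '\0';
    return i;
}

/* Unchecked form (the CWE-120 shape): the line length is never compared
 * with the destination size, so strcpy() writes strlen(recv_buf)+1 bytes
 * wherever they land.  Shown for contrast; only ever called with a short
 * constant here. */
static void copy_line_unchecked(char *dst, const char *recv_buf)
{
    strcpy(dst, recv_buf);
}

/* Bounded form: strip the newline the reader leaves in place, then refuse
 * any line that would not fit together with its terminating NUL.  Rejecting
 * is preferred to silent truncation, which can turn one command into
 * another.  Returns the number of bytes stored, or -1 if the line does not
 * fit. */
static int copy_line_bounded(char *dst, size_t dstsz, const char *recv_buf)
{
    size_t len = strlen(recv_buf);
    if (len > 0 && recv_buf[len - 1] == '\n')
        len--;
    if (len >= dstsz)                 /* no room for the line plus NUL */
        return -1;
    memcpy(dst, recv_buf, len);
    dst[len] = '\0';
    return (int)len;
}

/* Mirror the read-then-copy flow of a console reader.  `input` is a
 * constructed stand-in for what a user typed.  Returns the result of
 * copy_line_bounded(), or -2 if there was nothing to read. */
static int read_one_line(const char *input, char *out, size_t outsz)
{
    char recv_buf[RECV_BUF_SIZE];
    if (fgets_from_string(recv_buf, sizeof recv_buf, input) == 0)
        return -2;
    return copy_line_bounded(out, outsz, recv_buf);
}

/* Same flow against an INPUT_BUF_SIZE destination; returns the stored
 * length, -1 if the line was rejected, -2 if nothing was read. */
static int line_fits(const char *input)
{
    char input_buf[INPUT_BUF_SIZE];
    return read_one_line(input, input_buf, sizeof input_buf);
}

int main(void)
{
    char input_buf[INPUT_BUF_SIZE];

    copy_line_unchecked(input_buf, "help");      /* 5 bytes into 16: fits */
    printf("unchecked copy: %s\n", input_buf);
    printf("bounded, short line: %d\n", line_fits("help\n"));
    printf("bounded, 16-byte line: %d\n", line_fits("1234567890123456\n"));
    printf("bounded, long line: %d\n",
           line_fits("this line is far longer than sixteen bytes\n"));
    return 0;
}
```

When triaging a finding of this shape, the check is at the sink: find the destination's declared size and the bound applied to the copied length, and confirm that bound is enforced on every path from the source, including the path where the reader stopped at its own buffer limit without seeing a newline.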

Nov 18, 2020, 1:15 PM © Copyright [2008-2018] Micro Focus or one of its affiliates.

56


pjlib-util/src/pjlib-util/getopt.c:226 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjlib-util/src/pjlib-util/getopt.c:226 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjlib-util/src/pjlib-util/getopt.c:226 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA



pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjlib-util/src/pjlib-util/getopt.c:227 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA



pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjlib-util/src/pjlib-util/getopt.c:243 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA



pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjlib-util/src/pjlib-util/getopt.c:244 | Sink: Assignment to argv[]; Enclosing Method: exchange(); Source: main(0) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjlib-util/src/pjlib-util/srv_resolver.c:126 | Sink: Assignment to target_name.ptr[]; Enclosing Method: pj_dns_srv_resolve(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjlib-util/src/pjlib-util/stun_simple_client.c:308 | Sink: Assignment to rec[].srv[].mapped_addr; Enclosing Method: pjstun_get_mapped_addr2(); Source: recvfrom() from pj_sock_recvfrom() in pjlib/src/pj/sock_bsd.c:746 | SCA
pjlib-util/src/pjlib-util/stun_simple_client.c:309 | Sink: Assignment to rec[].srv[].mapped_port; Enclosing Method: pjstun_get_mapped_addr2(); Source: recvfrom() from pj_sock_recvfrom() in pjlib/src/pj/sock_bsd.c:746 | SCA
pjlib-util/src/pjlib-util/stun_simple_client.c:311 | Sink: Assignment to rec[].srv[].mapped_addr; Enclosing Method: pjstun_get_mapped_addr2(); Source: recvfrom() from pj_sock_recvfrom() in pjlib/src/pj/sock_bsd.c:746 | SCA
pjlib-util/src/pjlib-util/stun_simple_client.c:312 | Sink: Assignment to rec[].srv[].mapped_port; Enclosing Method: pjstun_get_mapped_addr2(); Source: recvfrom() from pj_sock_recvfrom() in pjlib/src/pj/sock_bsd.c:746 | SCA
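The dns.c:234 get_name() finding and the stun_simple_client.c:308 to :312 findings differ from the console and argv cases in their source: bytes returned by recvfrom() in pj_sock_recvfrom(), which means the input is whatever an unauthenticated network peer sent. The C code below is an added example and is not pjsip's DNS parser; it parses a DNS wire-format name out of a packet buffer into a fixed-size text buffer, checking the remaining packet length before every read and the remaining output space before every write, which is the check a CWE-120 sink of this kind needs. NAME_CAP and the function names are assumptions; compression pointers are rejected rather than followed, an assumption made to keep the example short; the packets are constructed, not captured traffic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 256   /* assumed: capacity of the output name buffer */

/* Parse the uncompressed DNS wire-format name at pkt[off..] into `out` as
 * dotted text.  Each label is length-prefixed; the name ends with a zero
 * length byte.  The remaining packet length is checked before every read
 * and the remaining output space (including the final NUL) before every
 * write.  Labels with the top two bits set (compression pointers, 0xC0)
 * are rejected instead of followed.
 * Returns the number of packet bytes consumed, or -1 if the packet is
 * malformed or truncated, or the name would not fit in `out`. */
static int parse_name(const uint8_t *pkt, size_t pktlen, size_t off,
                      char *out, size_t outsz)
{
    size_t pos = off, olen = 0;

    if (outsz == 0 || off > pktlen)
        return -1;
    for (;;) {
        if (pos >= pktlen)              /* no room for a length byte */
            return -1;
        uint8_t len = pkt[pos++];
        if (len == 0)
            break;                      /* root label: end of name */
        if (len & 0xC0)
            return -1;                  /* pointer or invalid length */
        if (pktlen - pos < len)         /* label bytes past the end? */
            return -1;
        if (olen > 0) {                 /* separator before 2nd+ label */
            if (olen + 1 >= outsz)
                return -1;
            out[olen++] = '.';
        }
        if (outsz - olen <= len)        /* label plus NUL must fit */
            return -1;
        memcpy(out + olen, pkt + pos, len);
        olen += len;
        pos += len;
    }
    out[olen] = '\0';
    return (int)(pos - off);
}

/* Constructed test packets (not captured traffic). */
static const uint8_t PKT_GOOD[]  = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0 };
static const uint8_t PKT_TRUNC[] = { 7,'e','x','a','m' };      /* label runs off the end */
static const uint8_t PKT_NOEND[] = { 3,'c','o','m' };          /* no terminating zero     */
static const uint8_t PKT_PTR[]   = { 0xC0, 0x0C };             /* compression pointer     */

/* Parse `pkt` into an output buffer of `cap` bytes (cap <= NAME_CAP) so the
 * too-small-destination case can be exercised.  Returns parse_name()'s
 * result. */
static int parse_into(const uint8_t *pkt, size_t pktlen, size_t cap)
{
    char out[NAME_CAP];
    if (cap > NAME_CAP)
        return -1;
    return parse_name(pkt, pktlen, 0, out, cap);
}

/* 1 if `pkt` parses to exactly `expected`, else 0. */
static int parse_eq(const uint8_t *pkt, size_t pktlen, const char *expected)
{
    char out[NAME_CAP];
    if (parse_name(pkt, pktlen, 0, out, sizeof out) < 0)
        return 0;
    return strcmp(out, expected) == 0;
}

int main(void)
{
    char out[NAME_CAP];
    int n = parse_name(PKT_GOOD, sizeof PKT_GOOD, 0, out, sizeof out);
    printf("good: consumed %d bytes, name '%s'\n", n, out);
    printf("good into 11-byte buffer: %d\n", parse_into(PKT_GOOD, sizeof PKT_GOOD, 11));
    printf("truncated label: %d\n", parse_into(PKT_TRUNC, sizeof PKT_TRUNC, NAME_CAP));
    printf("missing terminator: %d\n", parse_into(PKT_NOEND, sizeof PKT_NOEND, NAME_CAP));
    printf("compression pointer: %d\n", parse_into(PKT_PTR, sizeof PKT_PTR, NAME_CAP));
    return 0;
}
```

The same triage applies to the STUN sinks at :308 to :312: the bound on every read from the packet has to be the byte count recvfrom() actually returned, not the size of the structure the code expects to find, and the bound on every write has to be the declared size of the field being filled.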

Package: .src.pjlib-util-test

Location | Analysis Info | Analyzer
pjlib-util/src/pjlib-util-test/http_client.c:140 | Sink: Assignment to pkt[]; Enclosing Method: server_thread(); Source: recv() from pj_sock_recv() in pjlib/src/pj/sock_bsd.c:725 | SCA

Package: .src.pjmedia

Location | Analysis Info | Analyzer
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA


pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: fgets() from legacy_main() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA



pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/conference.c:981 | Sink: Assignment to src_port->listener_slots[]; Enclosing Method: pjmedia_conf_connect_port(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA



pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/conference.c:1652 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA



pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/conference.c:1658 | Sink: Assignment to buf[]; Enclosing Method: write_port(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA



pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/conference.c:1928 | Sink: Assignment to p_in[]; Enclosing Method: get_frame(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA



pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/conference.c:1975 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA



pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/conference.c:2002 | Sink: Assignment to mix_buf[]; Enclosing Method: get_frame(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA



pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[]; Enclosing Method: echo_supp_reset(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA


Risky Resource Management - CWE ID 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). CWE-120 states: "The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow".

Buffer Overflow (High)

Package: .src.pjmedia

Location | Analysis Info | Analyzer

pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA


pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_reset() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:352 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_reset() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA


pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:353 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_reset() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA


pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/echo_suppress.c:380 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_soft_reset() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA


pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:436 | Sink: Assignment to ec->play_hist[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA


pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/echo_suppress.c:565 | Sink: Assignment to ec->tmp_corr[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA


pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:568 | Sink: Assignment to ec->tmp_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA


pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:583 | Sink: Assignment to ec->corr_sum[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA


pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:587 | Sink: Assignment to ec->min_factor[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA


pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/src/pjmedia/echo_suppress.c:588 | Sink: Assignment to ec->avg_factor[] Enclosing Method: echo_supp_update() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA


pjmedia/src/pjmedia/echo_suppress.c:656 | Sink: Assignment to frm[] Enclosing Method: amplify_frame() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/echo_webrtc.c:352 | Sink: Assignment to rec_frm[] Enclosing Method: webrtc_aec_cancel_echo() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/g711.c:470 | Sink: Assignment to frames[].type Enclosing Method: g711_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/g711.c:471 | Sink: Assignment to frames[].buf Enclosing Method: g711_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/g711.c:472 | Sink: Assignment to frames[].size Enclosing Method: g711_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/g711.c:473 | Sink: Assignment to frames[].timestamp.u64 Enclosing Method: g711_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/stream.c:2949 | Sink: Assignment to stream->tx_dtmf_buf[].event Enclosing Method: pjmedia_stream_dial_dtmf() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjmedia/src/pjmedia/stream.c:2950 | Sink: Assignment to stream->tx_dtmf_buf[].duration Enclosing Method: pjmedia_stream_dial_dtmf() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjmedia/src/pjmedia/stream.c:2951 | Sink: Assignment to stream->tx_dtmf_buf[].ebit_cnt Enclosing Method: pjmedia_stream_dial_dtmf() Source: fgets() from simple_input() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjmedia/src/pjmedia/wav_playlist.c:155 | Sink: Assignment to fport->fpos_list[] Enclosing Method: file_fill_buffer() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/wav_playlist.c:159 | Sink: Assignment to fport->data_left_list[] Enclosing Method: file_fill_buffer() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia/wsola.c:304 | Sink: Assignment to w[] Enclosing Method: create_win() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA


Package: .src.pjmedia-codec

Location | Analysis Info | Analyzer

pjmedia/src/pjmedia-codec/g722.c:528 | Sink: Assignment to frames[].type Enclosing Method: g722_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/g722.c:529 | Sink: Assignment to frames[].buf Enclosing Method: g722_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/g722.c:530 | Sink: Assignment to frames[].size Enclosing Method: g722_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/g722.c:531 | Sink: Assignment to frames[].timestamp.u64 Enclosing Method: g722_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/gsm.c:508 | Sink: Assignment to frames[].type Enclosing Method: gsm_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/gsm.c:509 | Sink: Assignment to frames[].buf Enclosing Method: gsm_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/gsm.c:510 | Sink: Assignment to frames[].size Enclosing Method: gsm_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/gsm.c:511 | Sink: Assignment to frames[].timestamp.u64 Enclosing Method: gsm_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/ilbc.c:595 | Sink: Assignment to frames[].type Enclosing Method: ilbc_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/ilbc.c:596 | Sink: Assignment to frames[].buf Enclosing Method: ilbc_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/ilbc.c:597 | Sink: Assignment to frames[].size Enclosing Method: ilbc_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/src/pjmedia-codec/ilbc.c:598 | Sink: Assignment to frames[].timestamp.u64 Enclosing Method: ilbc_codec_parse() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA


Location: pjmedia/src/pjmedia-codec/l16.c:598 (Analyzer: SCA)
Analysis Info: Sink: Assignment to frames[].type; Enclosing Method: l16_parse(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103

Location: pjmedia/src/pjmedia-codec/l16.c:599 (Analyzer: SCA)
Analysis Info: Sink: Assignment to frames[].buf; Enclosing Method: l16_parse(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103

Location: pjmedia/src/pjmedia-codec/l16.c:600 (Analyzer: SCA)
Analysis Info: Sink: Assignment to frames[].size; Enclosing Method: l16_parse(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103

Location: pjmedia/src/pjmedia-codec/l16.c:601 (Analyzer: SCA)
Analysis Info: Sink: Assignment to frames[].timestamp.u64; Enclosing Method: l16_parse(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103

Package: .src.pjnath

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80


Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556

Location: pjnath/src/pjnath/ice_strans.c:703 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->comp[]; Enclosing Method: create_comp(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566

Location: pjnath/src/pjnath/ice_strans.c:809 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->cfg.stun_tp[].cfg.grp_lock; Enclosing Method: pj_ice_strans_create(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731

Location: pjnath/src/pjnath/ice_strans.c:811 (Analyzer: SCA)
Analysis Info: Sink: Assignment to ice_st->cfg.turn_tp[].cfg.grp_lock; Enclosing Method: pj_ice_strans_create(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731

Location: pjnath/src/pjnath/ice_strans.c:1508 (Analyzer: SCA)
Analysis Info: Sink: Assignment to comp->turn[].log_off; Enclosing Method: pj_ice_strans_sendto(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731


Package: .src.pjsip

Location: pjsip/src/pjsip/sip_dialog.c:1133 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tdata->mod_data[]; Enclosing Method: dlg_create_request_throw(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsip/sip_dialog.c:1133 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tdata->mod_data[]; Enclosing Method: dlg_create_request_throw(); Source: gethostname() from pj_gethostname() in pjlib/src/pj/sock_bsd.c:466

Location: pjsip/src/pjsip/sip_dialog.c:1236 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tdata->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsip/sip_dialog.c:1236 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tdata->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731

Location: pjsip/src/pjsip/sip_dialog.c:1236 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tdata->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: gethostname() from pj_gethostname() in pjlib/src/pj/sock_bsd.c:466

Location: pjsip/src/pjsip/sip_dialog.c:1278 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tsx->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsip/sip_dialog.c:1278 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tsx->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: gethostname() from pj_gethostname() in pjlib/src/pj/sock_bsd.c:466

Location: pjsip/src/pjsip/sip_dialog.c:1278 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tsx->mod_data[]; Enclosing Method: pjsip_dlg_send_request(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731

Location: pjsip/src/pjsip/sip_dialog.c:1421 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tdata->mod_data[]; Enclosing Method: pjsip_dlg_create_response(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsip/sip_dialog.c:2082 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tsx->mod_data[]; Enclosing Method: pjsip_dlg_on_tsx_state(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556


Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/simpleua.c:225

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90

Location: pjsip/src/pjsip/sip_parser.c:1802 (Analyzer: SCA)
Analysis Info: Sink: Assignment to tmp.ptr[]; Enclosing Method: parse_generic_string_hdr(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90


Location: pjsip/src/pjsip/sip_uri.c:288 (Analyzer: SCA)
Analysis Info: Sink: Assignment to buf[]; Enclosing Method: pjsip_url_print(); Source: gethostname() from pj_gethostname() in pjlib/src/pj/sock_bsd.c:466

Location: pjsip/src/pjsip/sip_uri.c:288 (Analyzer: SCA)
Analysis Info: Sink: Assignment to buf[]; Enclosing Method: pjsip_url_print(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsip/sip_uri.c:342 (Analyzer: SCA)
Analysis Info: Sink: Assignment to buf[]; Enclosing Method: pjsip_url_print(); Source: gethostname() from pj_gethostname() in pjlib/src/pj/sock_bsd.c:466

Location: pjsip/src/pjsip/sip_uri.c:342 (Analyzer: SCA)
Analysis Info: Sink: Assignment to buf[]; Enclosing Method: pjsip_url_print(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Package: .src.pjsip-simple

Location: pjsip/src/pjsip-simple/presence.c:421 (Analyzer: SCA)
Analysis Info: Sink: Assignment to pres->status.info[].basic_open; Enclosing Method: pjsip_pres_set_status(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsip-simple/presence.c:437 (Analyzer: SCA)
Analysis Info: Sink: Assignment to pres->status.info[].rpid.activity; Enclosing Method: pjsip_pres_set_status(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Package: .src.pjsua

Location: pjsip-apps/src/pjsua/pjsua_app_config.c:312 (Analyzer: SCA)
Analysis Info: Sink: Assignment to argv[]; Enclosing Method: read_config_file(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270

Location: pjsip-apps/src/pjsua/pjsua_app_config.c:323 (Analyzer: SCA)
Analysis Info: Sink: Assignment to argv[]; Enclosing Method: read_config_file(); Source: main(0) from main() in pjmedia/src/test/main.c:50

Location: pjsip-apps/src/pjsua/pjsua_app_config.c:323 (Analyzer: SCA)
Analysis Info: Sink: Assignment to argv[]; Enclosing Method: read_config_file(); Source: main(0) from main() in pjsip-apps/src/pjsua/main.c:127


Package: .src.pjsua-lib

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90

Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73


Location: pjsip/src/pjsua-lib/pjsua_acc.c:1220 (Analyzer: SCA)
Analysis Info: Sink: Assignment to acc->cred[]; Enclosing Method: pjsua_acc_modify(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556


Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: fgets() from legacy_main() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270

Location: pjsip/src/pjsua-lib/pjsua_aud.c:781 (Analyzer: SCA)
Analysis Info: Sink: Assignment to info->listeners[]; Enclosing Method: pjsua_conf_get_port_info(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsua-lib/pjsua_pres.c:375 (Analyzer: SCA)
Analysis Info: Sink: Assignment to pjsua_var.buddy[].pool; Enclosing Method: reset_buddy(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Location: pjsip/src/pjsua-lib/pjsua_pres.c:376 (Analyzer: SCA)
Analysis Info: Sink: Assignment to pjsua_var.buddy[].index; Enclosing Method: reset_buddy(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160

Package: .src.samples

Location: pjsip-apps/src/samples/pjsip-perf.c:1109 (Analyzer: SCA)
Analysis Info: Sink: Assignment to url[]; Enclosing Method: verify_sip_url(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193


Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90

Location: pjsip-apps/src/samples/pjsip-perf.c:1729 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072


Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80

Location: pjsip-apps/src/samples/pjsip-perf.c:1845 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.thread[]; Enclosing Method: main(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73

Location: pjsip-apps/src/samples/playsine.c:161 (Analyzer: SCA)
Analysis Info: Sink: Assignment to sine->samples[]; Enclosing Method: create_sine_port(); Source: main(1) from main() in pjsip-apps/src/samples/playsine.c:187


Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072

Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426


Location: pjsip-apps/src/samples/siprtp.c:379 (Analyzer: SCA)
Analysis Info: Sink: Assignment to app.call[].index; Enclosing Method: init_sip(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90

Location: pjsip-apps/src/samples/streamutil.c:121 (Analyzer: SCA)
Analysis Info: Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80


pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/samples/streamutil.c:121 | Sink: Assignment to raw[]; Enclosing Method: my_hex_string_to_octet_string(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

Package: .src.test

Location | Analysis Info | Analyzer

pjsip/src/test/transport_test.c:412 | Sink: Assignment to rt_test_data[].sent_request_count; Enclosing Method: rt_send_request(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/test/transport_test.c:419 | Sink: Assignment to rt_test_data[].timeout_timer.user_data; Enclosing Method: rt_send_request(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: fgets() from legacy_main() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: gethostname() from pj_gethostname() in pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/test/transport_test.c:440 | Sink: Assignment to rt_test_data[].recv_response_count; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA


pjsip/src/test/transport_test.c:449 | Sink: Assignment to rt_test_data[].tx_timer.user_data; Enclosing Method: rt_on_rx_response(); Source: fgets() from legacy_main() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707 | SCA
pjsip/src/test/transport_test.c:449 | Sink: Assignment to rt_test_data[].tx_timer.user_data; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip/src/test/transport_test.c:449 | Sink: Assignment to rt_test_data[].tx_timer.user_data; Enclosing Method: rt_on_rx_response(); Source: gethostname() from pj_gethostname() in pjlib/src/pj/sock_bsd.c:466 | SCA
pjsip/src/test/transport_test.c:449 | Sink: Assignment to rt_test_data[].tx_timer.user_data; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip/src/test/transport_test.c:449 | Sink: Assignment to rt_test_data[].tx_timer.user_data; Enclosing Method: rt_on_rx_response(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip/src/test/transport_test.c:468 | Sink: Assignment to rt_test_data[].timeout_timer.user_data; Enclosing Method: rt_timeout_timer(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/test/transport_test.c:472 | Sink: Assignment to rt_test_data[].tx_timer.user_data; Enclosing Method: rt_timeout_timer(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731 | SCA
pjsip/src/test/transport_test.c:487 | Sink: Assignment to rt_test_data[].tx_timer.user_data; Enclosing Method: rt_tx_timer(); Source: fgets() from icedemo_input_remote() in pjsip-apps/src/samples/icedemo.c:731 | SCA

Package: pjlib.include.pj

Location | Analysis Info | Analyzer
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: gethostname() from pj_gethostname() in pjlib/src/pj/sock_bsd.c:466 | SCA


pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: fgets() from ui_input_url() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:96 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: fgets() from simple_input() in pjsip-apps/src/pjsua/pjsua_app_legacy.c:160 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/httpdemo.c:150 | SCA


pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/simpleua.c:225 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/simple_pjsua.c:109 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjlib/include/pj/string_i.h:57 | Sink: Assignment to dst->ptr[]; Enclosing Method: pj_strdup_with_null(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA

Package: pjmedia.include.pjmedia

Location | Analysis Info | Analyzer

pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA


pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjmedia/include/pjmedia/stereo.h:141 | Sink: Assignment to multi[]; Enclosing Method: pjmedia_convert_channel_1ton(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

Package: third_party.speex.libspeex

Location | Analysis Info | Analyzer

third_party/speex/libspeex/bits.c:139 | Sink: Assignment to bits->chars[]; Enclosing Method: speex_bits_read_from(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/filterbank.c:99 | Sink: Assignment to bank->bank_left[]; Enclosing Method: filterbank_new(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA


third_party/speex/libspeex/filterbank.c:100 | Sink: Assignment to bank->filter_left[]; Enclosing Method: filterbank_new(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/filterbank.c:101 | Sink: Assignment to bank->bank_right[]; Enclosing Method: filterbank_new(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/filterbank.c:102 | Sink: Assignment to bank->filter_right[]; Enclosing Method: filterbank_new(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:449 | Sink: Assignment to st->window[]; Enclosing Method: speex_echo_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:452 | Sink: Assignment to st->power_1[]; Enclosing Method: speex_echo_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA


third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
third_party/speex/libspeex/mdf.c:454 | Sink: Assignment to st->W[]; Enclosing Method: speex_echo_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA


third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
third_party/speex/libspeex/mdf.c:463 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA


third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
third_party/speex/libspeex/mdf.c:468 | Sink: Assignment to st->prop[]; Enclosing Method: speex_echo_state_init(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
third_party/speex/libspeex/mdf.c:600 | Sink: Assignment to st->play_buf[]; Enclosing Method: speex_echo_capture(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA


third_party/speex/libspeex/mdf.c:693 | Sink: Assignment to st->x[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:712 | Sink: Assignment to st->input[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:728 | Sink: Assignment to st->x[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:736 | Sink: Assignment to st->e[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:783 | Sink: Assignment to st->wtmp[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:797 | Sink: Assignment to st->e[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:802 | Sink: Assignment to st->e[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:844 | Sink: Assignment to st->e[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:861 | Sink: Assignment to st->y[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:863 | Sink: Assignment to st->e[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:893 | Sink: Assignment to out[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:904 | Sink: Assignment to st->e[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA


third_party/speex/libspeex/mdf.c:905 | Sink: Assignment to st->e[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:925 | Sink: Assignment to out[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:947 | Sink: Assignment to st->y[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:957 | Sink: Assignment to st->power[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:986 | Sink: Assignment to st->Eh[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:987 | Sink: Assignment to st->Yh[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:1068 | Sink: Assignment to st->power_1[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:1087 | Sink: Assignment to st->power_1[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:1099 | Sink: Assignment to st->last_y[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/mdf.c:1101 | Sink: Assignment to st->last_y[]; Enclosing Method: speex_echo_cancellation(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:284 | Sink: Assignment to w[]; Enclosing Method: conj_window(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:475 | Sink: Assignment to st->window[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA


third_party/speex/libspeex/preprocess.c:481 | Sink: Assignment to st->window[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:482 | Sink: Assignment to st->window[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:487 | Sink: Assignment to st->noise[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:488 | Sink: Assignment to st->reverb_estimate[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:489 | Sink: Assignment to st->old_ps[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:490 | Sink: Assignment to st->gain[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:491 | Sink: Assignment to st->post[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:492 | Sink: Assignment to st->prior[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:496 | Sink: Assignment to st->update_prob[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:499 | Sink: Assignment to st->inbuf[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:500 | Sink: Assignment to st->outbuf[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:510 | Sink: Assignment to st->loudness_weight[]; Enclosing Method: speex_preprocess_state_init(); Source: fread() from pj_file_read() in pjlib/src/pj/file_io_ansi.c:103 | SCA


third_party/speex/libspeex/preprocess.c:512 | Sink: Assignment to st->loudness_weight[] | Enclosing Method: speex_preprocess_state_init() | Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
third_party/speex/libspeex/preprocess.c:513 | Sink: Assignment to st->loudness_weight[] | Enclosing Method: speex_preprocess_state_init() | Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

Package: third_party.srtp.crypto.replay
Location | Analysis Info | Analyzer
third_party/srtp/crypto/replay/rdbx.c:298 | Sink: Assignment to rdbx->bitmask.word[] | Enclosing Method: srtp_rdbx_add_index() | Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA

Risky Resource Management - CWE ID 131 Incorrect Calculation of Buffer Size. CWE-131 states: "The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow". Buffer Overflow: Off-by-One

Critical

Package: .src.pjlib-util-test
Location | Analysis Info | Analyzer
pjlib-util/src/pjlib-util-test/encryption.c:602 | Sink: Assignment to output | Enclosing Method: base64_test() | Source: | SCA
pjlib-util/src/pjlib-util-test/encryption.c:619 | Sink: Assignment to output | Enclosing Method: base64_test() | Source: | SCA

Package: .src.pjmedia
Location | Analysis Info | Analyzer
pjmedia/src/pjmedia/transport_srtp.c:897 | Sink: Assignment to b64 | Enclosing Method: pjmedia_transport_srtp_start() | Source: | SCA
pjmedia/src/pjmedia/transport_srtp.c:914 | Sink: Assignment to b64 | Enclosing Method: pjmedia_transport_srtp_start() | Source: | SCA

Package: third_party.srtp.crypto.math
Location | Analysis Info | Analyzer
third_party/srtp/crypto/math/datatypes.c:130 | Sink: Assignment to bit_string | Enclosing Method: srtp_octet_string_hex_string() | Source: | SCA

Out-of-Bounds Read

Low

Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/activesock.c:386 | Sink: Read | Enclosing Method: pj_activesock_start_read2() | Source: | SCA
pjlib/src/pj/ssl_sock_ossl.c:2949 | Sink: Read | Enclosing Method: pj_ssl_sock_start_read2() | Source: | SCA

Package: .src.samples
Location | Analysis Info | Analyzer
pjsip-apps/src/samples/siprtp.c:395 | Sink: Read | Enclosing Method: destroy_sip() | Source: | SCA

Package: third_party.speex.libspeex
Location | Analysis Info | Analyzer
third_party/speex/libspeex/speex_header.c:97 | Sink: Read | Enclosing Method: speex_init_header() | Source: | SCA
third_party/speex/libspeex/speex_header.c:98 | Sink: Read | Enclosing Method: speex_init_header() | Source: | SCA

Risky Resource Management - CWE ID 134 Uncontrolled Format String. CWE-134 states: "The software uses externally-controlled format strings in printf-style functions, which can lead to buffer overflows or data representation problems". Buffer Overflow: Format String

Critical

Package: .src.pjsua
Location | Analysis Info | Analyzer
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1781 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1782 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1804 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1805 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1812 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1813 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1832 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1833 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1840 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA


pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1841 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf() | Enclosing Method: write_settings() | Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

Nov 18, 2020, 1:15 PM © Copyright [2008-2018] Micro Focus or one of its affiliates.

118

Risky Resource Management - CWE ID 134 Uncontrolled Format String. CWE-134 states: "The software uses externally-controlled format strings in printf-style functions, which can lead to buffer overflows or data representation problems". Buffer Overflow: Format String

Critical

Package: .src.pjsua Location

Analysis Info

Analyzer

pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1858 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1859 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1869 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1870 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1875 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1876 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1881 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1882 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1888 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1889 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1907 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/stereotest.c:73 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/mix.c:80 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/aectest.c:90 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/sipecho.c:566 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/streamutil.c:367 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1961 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972 | Sink: sprintf(); Enclosing Method: write_settings(); Source: fgets() from read_config_file() in pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA
pjsip-apps/src/pjsua/pjsua_app_config.c:1972 | Sink: sprintf(); Enclosing Method: write_settings(); Source: main(1) from main() in pjnath/src/pjturn-client/client_main.c:556 | SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1972

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2054

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2125

Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2131

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2182

Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/icedemo.c:1193

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/streamutil.c:367

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/jbsim.c:1090

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjnath/src/pjturn-client/client_main.c:556

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/pcaputil.c:426

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/pjsua/main.c:127

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/sipstateless.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/aectest.c:90

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/mix.c:80

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjsip-apps/src/samples/stereotest.c:73

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: main(1) from main() In pjmedia/src/test/main.c:50

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:2183

Sink: sprintf() Enclosing Method: write_settings() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270

SCA

Package: .src.samples Location pjsip-apps/src/samples/confsample.c:496

Analysis Info Sink: sprintf() Enclosing Method: conf_list() Source: fgets() from input() In pjsip-apps/src/samples/confsample.c:108

Analyzer SCA

Package: .src.test Location

Analysis Info

Analyzer

pjsip/src/test/inv_offer_answer_test.c:486

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466

SCA

pjsip/src/test/inv_offer_answer_test.c:486

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707

SCA

pjsip/src/test/inv_offer_answer_test.c:486

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072

SCA

pjsip/src/test/inv_offer_answer_test.c:486

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650

SCA

pjsip/src/test/inv_offer_answer_test.c:486

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566

SCA

pjsip/src/test/inv_offer_answer_test.c:487

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: fgets() from legacy_main() In pjsip-apps/src/pjsua/pjsua_app_legacy.c:1707

SCA

pjsip/src/test/inv_offer_answer_test.c:487

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650

SCA

pjsip/src/test/inv_offer_answer_test.c:487

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/sipecho.c:566

SCA

pjsip/src/test/inv_offer_answer_test.c:487

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: main(1) from main() In pjsip-apps/src/samples/siprtp.c:2072

SCA

pjsip/src/test/inv_offer_answer_test.c:487

Sink: snprintf() Enclosing Method: log_on_rx_msg() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466

SCA

pjsip/src/test/test.c:192

Sink: sprintf() Enclosing Method: report_sval() Source: main(1) from main() In pjsip/src/test/main.c:36

SCA

Buffer Overflow: Format String

High

Package: .src.pj Location pjlib/src/pj/os_info.c:331

Analysis Info Sink: snprintf() Enclosing Method: pj_get_sys_info() Source:

Analyzer SCA

Package: .src.pjmedia Location pjmedia/src/pjmedia/stream_common.c:43

Analysis Info Sink: sprintf() Enclosing Method: pjmedia_stream_info_parse_fmtp() Source:

Analyzer SCA

Package: .src.pjmedia-codec Location

Analysis Info

Analyzer

pjmedia/src/pjmedia-codec/amr_sdp_match.c:81

Sink: snprintf() Enclosing Method: amr_toggle_octet_align() Source:

SCA

pjmedia/src/pjmedia-codec/amr_sdp_match.c:93

Sink: snprintf() Enclosing Method: amr_toggle_octet_align() Source:

SCA

Package: .src.pjnath-test Location pjnath/src/pjnath-test/ice_test.c:1122

Analysis Info Sink: sprintf() Enclosing Method: ice_test() Source:

Analyzer SCA

Package: .src.pjsua Location

Analysis Info

Analyzer

pjsip-apps/src/pjsua/pjsua_app_cli.c:867

Sink: snprintf() Enclosing Method: cmd_show_account() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_cli.c:889

Sink: snprintf() Enclosing Method: cmd_show_account() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1456

Sink: sprintf() Enclosing Method: default_config() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1554

Sink: sprintf() Enclosing Method: write_account_settings() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1562

Sink: sprintf() Enclosing Method: write_account_settings() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1574

Sink: sprintf() Enclosing Method: write_account_settings() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1582

Sink: sprintf() Enclosing Method: write_account_settings() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1590

Sink: sprintf() Enclosing Method: write_account_settings() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_config.c:1627

Sink: sprintf() Enclosing Method: write_account_settings() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_legacy.c:186

Sink: snprintf() Enclosing Method: print_acc_status() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_legacy.c:1567

Sink: sscanf() Enclosing Method: ui_conf_connect() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_legacy.c:1567

Sink: sscanf() Enclosing Method: ui_conf_connect() Source:

SCA

pjsip-apps/src/pjsua/pjsua_app_legacy.c:1567

Sink: sscanf() Enclosing Method: ui_conf_connect() Source:

SCA

Package: .src.pjsua-lib Location

Analysis Info

Analyzer

pjsip/src/pjsua-lib/pjsua_call.c:3047

Sink: snprintf() Enclosing Method: pjsua_call_xfer_replaces() Source:

SCA

pjsip/src/pjsua-lib/pjsua_dump.c:55

Sink: sprintf() Enclosing Method: dump_media_stat() Source:

SCA

pjsip/src/pjsua-lib/pjsua_im.c:231

Sink: snprintf() Enclosing Method: pjsua_im_process_pager() Source:

SCA

Package: .src.pjsua2 Location pjsip/src/pjsua2/json.cpp:320

Analysis Info Sink: snprintf() Enclosing Method: json_verify() Source:

Analyzer SCA

Package: .src.pjsystest Location

Analysis Info

Analyzer

pjsip-apps/src/pjsystest/main_console.c:69

Sink: sprintf() Enclosing Method: print_menu() Source:

SCA

pjsip-apps/src/pjsystest/main_console.c:89

Sink: sprintf() Enclosing Method: gui_start() Source:

SCA

Package: .src.samples Location

Analysis Info

Analyzer

pjsip-apps/src/samples/pjsip-perf.c:1702

Sink: sprintf() Enclosing Method: main() Source:

SCA

pjsip-apps/src/samples/pjsip-perf.c:1706

Sink: sprintf() Enclosing Method: main() Source:

SCA

pjsip-apps/src/samples/siprtp.c:1545

Sink: sprintf() Enclosing Method: good_number() Source:

SCA

pjsip-apps/src/samples/siprtp.c:1549

Sink: sprintf() Enclosing Method: good_number() Source:

SCA

pjsip-apps/src/samples/streamutil.c:865

Sink: sprintf() Enclosing Method: good_number() Source:

SCA

pjsip-apps/src/samples/streamutil.c:869

Sink: sprintf() Enclosing Method: good_number() Source:

SCA

Package: .src.test Location

Analysis Info

Analyzer

pjmedia/src/test/jbuf_test.c:59

Sink: sscanf() Enclosing Method: parse_test_headers() Source:

SCA

pjmedia/src/test/jbuf_test.c:68

Sink: sscanf() Enclosing Method: parse_test_headers() Source:

SCA

pjsip/src/test/test.c:113

Sink: sprintf() Enclosing Method: init_report() Source:

SCA

pjsip/src/test/test.c:125

Sink: sprintf() Enclosing Method: init_report() Source:

SCA

pjsip/src/test/test.c:188

Sink: sprintf() Enclosing Method: report_sval() Source:

SCA

pjsip/src/test/test.c:202

Sink: sprintf() Enclosing Method: report_ival() Source:

SCA

pjsip/src/test/transport_tcp_test.c:60

Sink: sprintf() Enclosing Method: transport_tcp_test() Source:

SCA

pjsip/src/test/tsx_basic_test.c:143

Sink: sprintf() Enclosing Method: tsx_basic_test() Source:

SCA

pjsip/src/test/tsx_basic_test.c:145

Sink: sprintf() Enclosing Method: tsx_basic_test() Source:

SCA

pjsip/src/test/tsx_uac_test.c:1357

Sink: sprintf() Enclosing Method: tsx_uac_test() Source:

SCA

pjsip/src/test/tsx_uac_test.c:1359

Sink: sprintf() Enclosing Method: tsx_uac_test() Source:

SCA

pjsip/src/test/tsx_uas_test.c:1565

Sink: sprintf() Enclosing Method: tsx_uas_test() Source:

SCA

pjsip/src/test/tsx_uas_test.c:1567

Sink: sprintf() Enclosing Method: tsx_uas_test() Source:

SCA

pjsip/src/test/txdata_test.c:442

Sink: snprintf() Enclosing Method: txdata_test_uri_params() Source:

SCA

Format String

High

Package: .src.pj Location

Analysis Info

Analyzer

pjlib/src/pj/log.c:442

Sink: vsnprintf() Enclosing Method: pj_log() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103

SCA

pjlib/src/pj/os_core_unix.c:1184

Sink: snprintf() Enclosing Method: init_mutex() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466

SCA

Package: .src.pjnath Location pjnath/src/pjnath/ice_session.c:364

Analysis Info Sink: snprintf() Enclosing Method: pj_ice_sess_create() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731

Analyzer SCA

Format String

Low

Package: .src.pj Location

Analysis Info

Analyzer

pjlib/src/pj/errno.c:236

Sink: vsnprintf(2) Enclosing Method: pj_perror_imp() Source:

SCA

pjlib/src/pj/os_core_unix.c:461

Sink: snprintf(2) Enclosing Method: pj_thread_register() Source:

SCA

pjlib/src/pj/os_core_unix.c:581

Sink: snprintf(2) Enclosing Method: pj_thread_create() Source:

SCA

pjlib/src/pj/os_core_unix.c:1597

Sink: snprintf(2) Enclosing Method: pj_sem_create() Source:

SCA

pjlib/src/pj/pool.c:167

Sink: snprintf(2) Enclosing Method: pj_pool_init_int() Source:

SCA

Package: .src.pjlib-util Location pjlib-util/src/pjlib-util/http_client.c:1509

Analysis Info Sink: vsnprintf(2) Enclosing Method: str_snprintf() Source:

Analyzer SCA

Package: .src.pjmedia Location pjmedia/src/pjmedia/silencedet.c:125

Analysis Info Sink: snprintf(2) Enclosing Method: pjmedia_silence_det_set_name() Source:

Analyzer SCA

Package: .src.pjturn-srv Location

Analysis Info

Analyzer

pjnath/src/pjturn-srv/main.c:133

Sink: err(1) Enclosing Method: main() Source:

SCA

pjnath/src/pjturn-srv/main.c:144

Sink: err(1) Enclosing Method: main() Source:

SCA

pjnath/src/pjturn-srv/main.c:149

Sink: err(1) Enclosing Method: main() Source:

SCA

pjnath/src/pjturn-srv/main.c:155

Sink: err(1) Enclosing Method: main() Source:

SCA

Package: .src.samples Location

Analysis Info

Analyzer

pjsip-apps/src/samples/encdec.c:128

Sink: err(1) Enclosing Method: enc_dec_test() Source:

SCA

pjsip-apps/src/samples/encdec.c:133

Sink: err(1) Enclosing Method: enc_dec_test() Source:

SCA

pjsip-apps/src/samples/encdec.c:173

Sink: err(1) Enclosing Method: enc_dec_test() Source:

SCA

pjsip-apps/src/samples/encdec.c:201

Sink: err(1) Enclosing Method: enc_dec_test() Source:

SCA

pjsip-apps/src/samples/encdec.c:206

Sink: err(1) Enclosing Method: enc_dec_test() Source:

SCA

pjsip-apps/src/samples/encdec.c:240

Sink: err(1) Enclosing Method: main() Source:

SCA

pjsip-apps/src/samples/encdec.c:244

Sink: err(1) Enclosing Method: main() Source:

SCA

pjsip-apps/src/samples/encdec.c:247

Sink: err(1) Enclosing Method: main() Source:

SCA

Risky Resource Management - CWE ID 190 Integer Overflow or Wraparound. CWE-190 states: "The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control". Integer Overflow

High

Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: fread() from pj_file_read() In pjlib/src/pj/file_io_ansi.c:103 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/siprtp.c:2072 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/icedemo.c:1193 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/pjsip-perf.c:1650 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/sipecho.c:566 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/jbsim.c:1090 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjnath/src/pjturn-client/client_main.c:556 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/streamutil.c:367 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/pcaputil.c:426 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/sipstateless.c:90 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/confsample.c:127 | SCA


pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/mix.c:80 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/aectest.c:90 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: main(0) from main() In pjsip-apps/src/samples/stereotest.c:73 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: fgets() from icedemo_input_remote() In pjsip-apps/src/samples/icedemo.c:731 | SCA
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: fgets() from read_config_file() In pjsip-apps/src/pjsua/pjsua_app_config.c:270 | SCA

Integer Overflow

Low

Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/pool_policy_malloc.c:46 | Sink: malloc() Enclosing Method: default_block_alloc() Source: gethostname() from pj_gethostname() In pjlib/src/pj/sock_bsd.c:466 | SCA

Porous Defenses - CWE ID 250 Execution with Unnecessary Privileges. CWE-250 states: "The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses". No Issues


Porous Defenses - CWE ID 306 Missing Authentication for Critical Function. CWE-306 states: "The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources". No Issues

Porous Defenses - CWE ID 307 Improper Restriction of Excessive Authentication Attempts. CWE-307 states: "The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks". No Issues

Porous Defenses - CWE ID 311 Missing Encryption of Sensitive Data. CWE-311 states: "The software does not encrypt sensitive or critical information before storage or transmission". No Issues

Porous Defenses - CWE ID 327 Use of a Broken or Risky Cryptographic Algorithm. CWE-327 states: "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information". No Issues

Insecure Interaction - CWE ID 352 Cross-Site Request Forgery (CSRF). CWE-352 states: "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request". No Issues

Insecure Interaction - CWE ID 434 Unrestricted Upload of File with Dangerous Type. CWE-434 states: "The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment". No Issues


Risky Resource Management - CWE ID 494 Download of Code Without Integrity Check. CWE-494 states: "The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code". No Issues

Insecure Interaction - CWE ID 601 URL Redirection to Untrusted Site ('Open Redirect'). CWE-601 states: "A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks". No Issues


Risky Resource Management - CWE ID 676 Use of Potentially Dangerous Function. CWE-676 states: "The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely". Dangerous Function: strcpy()

Low

Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/addr_resolv_sock.c:201 | Sink: strcpy() Enclosing Method: pj_getaddrinfo() Source: | SCA
pjlib/src/pj/errno.c:238 | Sink: strcpy() Enclosing Method: pj_perror_imp() Source: | SCA
pjlib/src/pj/log.c:349 | Sink: strcpy() Enclosing Method: pj_log() Source: | SCA
pjlib/src/pj/log.c:355 | Sink: strcpy() Enclosing Method: pj_log() Source: | SCA
pjlib/src/pj/os_core_unix.c:1888 | Sink: strcpy() Enclosing Method: pj_term_set_color() Source: | SCA
pjlib/src/pj/os_core_unix.c:1926 | Sink: strcpy() Enclosing Method: pj_term_set_color() Source: | SCA

Package: .src.pjlib-test
Location | Analysis Info | Analyzer
pjlib/src/pjlib-test/ioq_udp.c:450 | Sink: strcpy() Enclosing Method: unregister_test() Source: | SCA
pjlib/src/pjlib-test/sock.c:517 | Sink: strcpy() Enclosing Method: send_recv_test() Source: | SCA
pjlib/src/pjlib-test/sock.c:518 | Sink: strcpy() Enclosing Method: send_recv_test() Source: | SCA

Package: .src.pjlib-util
Location | Analysis Info | Analyzer
pjlib-util/src/pjlib-util/pcap.c:125 | Sink: strcpy() Enclosing Method: pj_pcap_open() Source: | SCA
pjlib-util/src/pjlib-util/srv_resolver.c:455 | Sink: strcpy() Enclosing Method: build_server_entries() Source: | SCA

Package: .src.pjmedia
Location | Analysis Info | Analyzer
pjmedia/src/pjmedia/transport_ice.c:258 | Sink: strcpy() Enclosing Method: pjmedia_ice_create3() Source: | SCA


Package: .src.pjnath
Location | Analysis Info | Analyzer
pjnath/src/pjnath/ice_session.c:764 | Sink: strcpy() Enclosing Method: pj_ice_sess_add_cand() Source: | SCA

Package: .src.pjsip
Location | Analysis Info | Analyzer
pjsip/src/pjsip/sip_dialog.c:374 | Sink: strcpy() Enclosing Method: create_uas_dialog() Source: | SCA
pjsip/src/pjsip/sip_dialog.c:425 | Sink: strcpy() Enclosing Method: create_uas_dialog() Source: | SCA
pjsip/src/pjsip/sip_endpoint.c:1236 | Sink: strcpy() Enclosing Method: pjsip_endpt_log_error() Source: | SCA
pjsip/src/pjsip/sip_transport.c:283 | Sink: strcpy() Enclosing Method: pjsip_transport_register_type() Source: | SCA
pjsip/src/pjsip/sip_transport.c:656 | Sink: strcpy() Enclosing Method: pjsip_rx_data_get_info() Source: | SCA
pjsip/src/pjsip/sip_transport_loop.c:99 | Sink: strcpy() Enclosing Method: create_incoming_packet() Source: | SCA
pjsip/src/pjsip/sip_transport_loop.c:101 | Sink: strcpy() Enclosing Method: create_incoming_packet() Source: | SCA
pjsip/src/pjsip/sip_transport_tcp.c:396 | Sink: strcpy() Enclosing Method: pjsip_tcp_transport_start3() Source: | SCA
pjsip/src/pjsip/sip_transport_tls.c:557 | Sink: strcpy() Enclosing Method: pjsip_tls_transport_start2() Source: | SCA
pjsip/src/pjsip/sip_ua_layer.c:932 | Sink: strcpy() Enclosing Method: print_dialog() Source: | SCA
pjsip/src/pjsip/sip_ua_layer.c:942 | Sink: strcpy() Enclosing Method: print_dialog() Source: | SCA

Package: .src.pjsip-ua
Location | Analysis Info | Analyzer
pjsip/src/pjsip-ua/sip_inv.c:2836 | Sink: strcpy() Enclosing Method: pjsip_inv_process_redirect() Source: | SCA


Package: .src.pjsua
Location | Analysis Info | Analyzer
pjsip-apps/src/pjsua/pjsua_app.c:638 | Sink: strcpy() Enclosing Method: call_on_redirected() Source: | SCA

Package: .src.pjsua-lib
Location | Analysis Info | Analyzer
pjsip/src/pjsua-lib/pjsua_core.c:2381 | Sink: strcpy() Enclosing Method: pjsua_transport_create() Source: | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3126 | Sink: strcpy() Enclosing Method: pjsua_verify_url() Source: | SCA
pjsip/src/pjsua-lib/pjsua_core.c:3150 | Sink: strcpy() Enclosing Method: pjsua_verify_sip_url() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:51 | Sink: strcpy() Enclosing Method: dump_media_stat() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:138 | Sink: strcpy() Enclosing Method: dump_media_stat() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:424 | Sink: strcpy() Enclosing Method: dump_media_session() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:428 | Sink: strcpy() Enclosing Method: dump_media_session() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:899 | Sink: strcpy() Enclosing Method: print_call() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:909 | Sink: strcpy() Enclosing Method: print_call() Source: | SCA
pjsip/src/pjsua-lib/pjsua_dump.c:948 | Sink: strcpy() Enclosing Method: pjsua_call_dump() Source: | SCA
pjsip/src/pjsua-lib/pjsua_pres.c:951 | Sink: strcpy() Enclosing Method: pres_on_rx_request() Source: | SCA

Package: .src.pjsystest
Location | Analysis Info | Analyzer
pjsip-apps/src/pjsystest/systest.c:137 | Sink: strcpy() Enclosing Method: systest_perror() Source: | SCA


pjsip-apps/src/pjsystest/systest.c:155 | Sink: strcpy() Enclosing Method: systest_alloc_test_item() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:264 | Sink: strcpy() Enclosing Method: systest_play_tone() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:346 | Sink: strcpy() Enclosing Method: systest_play_wav() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:465 | Sink: strcpy() Enclosing Method: systest_rec_audio() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:552 | Sink: strcpy() Enclosing Method: systest_audio_test() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:894 | Sink: strcpy() Enclosing Method: systest_latency_test() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:1051 | Sink: strcpy() Enclosing Method: systest_aec_test() Source: | SCA
pjsip-apps/src/pjsystest/systest.c:1088 | Sink: strcpy() Enclosing Method: systest_list_audio_devs() Source: | SCA

Package: .src.pjturn-client
Location | Analysis Info | Analyzer
pjnath/src/pjturn-client/client_main.c:410 | Sink: strcpy() Enclosing Method: menu() Source: | SCA
pjnath/src/pjturn-client/client_main.c:414 | Sink: strcpy() Enclosing Method: menu() Source: | SCA
pjnath/src/pjturn-client/client_main.c:416 | Sink: strcpy() Enclosing Method: menu() Source: | SCA
pjnath/src/pjturn-client/client_main.c:417 | Sink: strcpy() Enclosing Method: menu() Source: | SCA
pjnath/src/pjturn-client/client_main.c:476 | Sink: strcpy() Enclosing Method: console_main() Source: | SCA


Package: .src.pjturn-srv
Location | Analysis Info | Analyzer
pjnath/src/pjturn-srv/allocation.c:330 | Sink: strcpy() Enclosing Method: pj_turn_allocation_create() Source: | SCA
pjnath/src/pjturn-srv/auth.c:53 | Sink: strcpy() Enclosing Method: pj_turn_auth_init() Source: | SCA
pjnath/src/pjturn-srv/listener_tcp.c:102 | Sink: strcpy() Enclosing Method: pj_turn_listener_create_tcp() Source: | SCA
pjnath/src/pjturn-srv/listener_udp.c:106 | Sink: strcpy() Enclosing Method: pj_turn_listener_create_udp() Source: | SCA

Package: .src.samples
Location | Analysis Info | Analyzer
pjsip-apps/src/samples/icedemo.c:782 | Sink: strcpy() Enclosing Method: icedemo_input_remote() Source: | SCA
pjsip-apps/src/samples/icedemo.c:789 | Sink: strcpy() Enclosing Method: icedemo_input_remote() Source: | SCA
pjsip-apps/src/samples/icedemo.c:791 | Sink: strcpy() Enclosing Method: icedemo_input_remote() Source: | SCA
pjsip-apps/src/samples/jbsim.c:224 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:225 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:226 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:227 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:234 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/jbsim.c:235 | Sink: strcpy() Enclosing Method: write_log() Source: | SCA
pjsip-apps/src/samples/pjsip-perf.c:1108 | Sink: strcpy() Enclosing Method: verify_sip_url() Source: | SCA


pjsip-apps/src/samples/pjsip-perf.c:1700 | Sink: strcpy() Enclosing Method: main() Source: | SCA
pjsip-apps/src/samples/streamutil.c:933 | Sink: strcpy() Enclosing Method: print_stream_stat() Source: | SCA
pjsip-apps/src/samples/streamutil.c:978 | Sink: strcpy() Enclosing Method: print_stream_stat() Source: | SCA

Package: .src.test
Location | Analysis Info | Analyzer
pjsip/src/test/transport_test.c:557 | Sink: strcpy() Enclosing Method: transport_rt_test() Source: | SCA

Package: pj
Location | Analysis Info | Analyzer
pjsip/src/pjsua2/endpoint.cpp:1290 | Sink: strcpy() Enclosing Method: on_call_redirected() Source: | SCA

Porous Defenses - CWE ID 732 Incorrect Permission Assignment for Critical Resource. CWE-732 states: "The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors". No Issues

Porous Defenses - CWE ID 759 Use of a One-Way Hash without a Salt. CWE-759 states: "The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input". No Issues


Porous Defenses - CWE ID 798 Use of Hard-coded Credentials. CWE-798 states: "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data". Password Management: Hardcoded Password

Critical

Package: .src.pjlib-util-test
Location | Analysis Info | Analyzer
pjlib-util/src/pjlib-util-test/http_client.c:270 | Sink: FieldAccess: passwd Enclosing Method: parse_url_test() Source: | SCA
pjlib-util/src/pjlib-util-test/http_client.c:270 | Sink: FieldAccess: passwd Enclosing Method: parse_url_test() Source: | SCA

Porous Defenses - CWE ID 807 Reliance on Untrusted Inputs in a Security Decision. CWE-807 states: "The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism". Often Misused: Authentication

High

Package: .src.pj
Location | Analysis Info | Analyzer
pjlib/src/pj/addr_resolv_sock.c:45 | Sink: gethostbyname() Enclosing Method: pj_gethostbyname() Source: | SCA

Risky Resource Management - CWE ID 829 Inclusion of Functionality from Untrusted Control Sphere. CWE-829 states: "The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere". No Issues

Porous Defenses - CWE ID 862 Missing Authorization. CWE-862 states: "The software does not perform an authorization check when an actor attempts to access a resource or perform an action". No Issues


Porous Defenses - CWE ID 863 Incorrect Authorization. CWE-863 states: "The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions". No Issues


Description of Key Terminology

Likelihood and Impact

Likelihood: Likelihood is the probability that a vulnerability will be accurately identified and successfully exploited.

Impact: Impact is the potential damage an attacker could do to assets by successfully exploiting a vulnerability. This damage can be in the form of, but not limited to, financial loss, compliance violation, loss of brand reputation, and negative publicity.

Fortify Priority Order

Critical: Critical-priority issues have high impact and high likelihood. Critical-priority issues are easy to detect and exploit and result in large asset damage. These issues represent the highest security risk to the application. As such, they should be remediated immediately. SQL Injection is an example of a critical issue.

High: High-priority issues have high impact and low likelihood. High-priority issues are often difficult to detect and exploit, but can result in large asset damage. These issues represent a high security risk to the application. High-priority issues should be remediated in the next scheduled patch release. Password Management: Hardcoded Password is an example of a high issue.

Medium: Medium-priority issues have low impact and high likelihood. Medium-priority issues are easy to detect and exploit, but typically result in small asset damage. These issues represent a moderate security risk to the application. Medium-priority issues should be remediated in the next scheduled product update. Path Manipulation is an example of a medium issue.

Low: Low-priority issues have low impact and low likelihood. Low-priority issues can be difficult to detect and exploit and typically result in small asset damage. These issues represent a minor security risk to the application. Low-priority issues should be remediated as time allows. Dead Code is an example of a low issue.


About Fortify Solutions

Fortify is the leader in end-to-end application security solutions with the flexibility of testing on-premise and on-demand to cover the entire software development lifecycle. Learn more at software.microfocus.com/en-us/solutions/applicationsecurity.
