Security vulnerabilities and automated fixes for semgrep issues
4 posts found
A critical buffer overflow vulnerability was discovered and patched in `gimbal_md5.c`, where unsafe C string functions were used without size bounds checking. Left unpatched, this flaw could allow attackers to corrupt memory, crash processes, or execute arbitrary code. The fix replaces unbounded functions with their size-aware counterparts, enforcing a strict invariant: buffer reads must never exceed the declared length.
A critical buffer overflow vulnerability was discovered and fixed in `src/display.cpp`, where unsafe C string functions were used without bounds checking. This type of vulnerability can allow attackers to corrupt memory, crash applications, or execute arbitrary code. The fix replaces unbounded functions with size-aware alternatives like `strlcpy` and `snprintf`, eliminating the overflow risk.
A high-severity integer overflow vulnerability was discovered and fixed in `src/coredump/_UCD_create.c`, where arithmetic multiplication used to compute a memory allocation size lacked overflow protection. If the multiplication wrapped around, an undersized buffer would be allocated, opening the door to a heap overflow attack. This fix closes a subtle but dangerous code path that could lead to memory corruption and potential code execution.
A high-severity shell injection vulnerability was discovered and fixed in a GitHub Actions workflow file, where direct use of `${{ github.* }}` context variables in `run:` steps could allow attackers to execute arbitrary code on CI/CD runners. This post explains how the attack works, what the fix looks like, and how you can audit your own workflows to prevent secrets theft and code compromise. Understanding this class of vulnerability is essential for any team using GitHub Actions in production.