Code Security Report: 3 high severity findings, 4 total findings [develop]

# Code Security Report


### Scan Metadata

**Latest Scan:** 2025-08-27 08:21pm
**Total Findings:** 4 | **New Findings:** 0 | **Resolved Findings:** 0
**Tested Project Files:** 60
**Detected Programming Languages:** 1 (C/C++ (Beta))

- [ ] Check this box to manually trigger a scan 



### Finding Details
<table role='table'><thead><tr><th>Severity</th><th>Vulnerability Type</th><th>CWE</th><th>File</th><th>Data Flows</th><th>Detected</th></tr></thead><tbody><tr><td><a href='#'><img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20></a> High</td><td>Use After Free</td><td>

[CWE-416](https://cwe.mitre.org/data/definitions/416.html)

</td><td>

[fcache.c:438](https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/fcache.c#L438)

</td><td>1</td><td>2025-01-15 05:55pm</td></tr><tr><td colspan='6'><details><summary><a href='#'><img src='https://saas.mend.io/sast/favicon.png' width=15 height=15></a> Vulnerable Code</summary>

https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/fcache.c#L433-L438

<details>
<summary>1 Data Flow/s detected</summary></br>


https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/fcache.c#L438

</details>
</details>

<details>

<summary><a href='#'><img src='https://integration-api.securecodewarrior.com/explorer/favicon-32x32.png' width=15 height=15></a> Secure Code Warrior Training Material</summary>

● Training

&nbsp;&nbsp;&nbsp;▪ [Secure Code Warrior Use After Free Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/memory/useafterfree/cpp/vanilla)

● Videos

&nbsp;&nbsp;&nbsp;▪ [Secure Code Warrior Use After Free Video](https://media.securecodewarrior.com/v2/Module_63_Use_After_Free_v2.mp4)

</details>


<details><summary>:black_flag: Suppress Finding</summary>

- [ ] ... as False Alarm
- [ ] ... as Acceptable Risk

</details>


</td></tr><tr><td colspan='6'>&nbsp;</td></tr>

<tr><td><a href='#'><img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20></a> High</td><td>Double Free</td><td>

[CWE-415](https://cwe.mitre.org/data/definitions/415.html)

</td><td>

[fcache.c:438](https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/fcache.c#L438)

</td><td>1</td><td>2025-01-15 05:55pm</td></tr><tr><td colspan='6'><details><summary><a href='#'><img src='https://saas.mend.io/sast/favicon.png' width=15 height=15></a> Vulnerable Code</summary>

https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/fcache.c#L433-L438

<details>
<summary>1 Data Flow/s detected</summary></br>


https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/fcache.c#L438

</details>
</details>

<details>

<summary><a href='#'><img src='https://integration-api.securecodewarrior.com/explorer/favicon-32x32.png' width=15 height=15></a> Secure Code Warrior Training Material</summary>

● Training

&nbsp;&nbsp;&nbsp;▪ [Secure Code Warrior Double Free Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/memory/double_free/cpp/vanilla)

● Videos

&nbsp;&nbsp;&nbsp;▪ [Secure Code Warrior Double Free Video](https://media.securecodewarrior.com/v2/module_156_double_free.mp4)

</details>


<details><summary>:black_flag: Suppress Finding</summary>

- [ ] ... as False Alarm
- [ ] ... as Acceptable Risk

</details>


</td></tr><tr><td colspan='6'>&nbsp;</td></tr>

<tr><td><a href='#'><img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20></a> High</td><td>Out of Buffer Bounds Write</td><td>

[CWE-787](https://cwe.mitre.org/data/definitions/787.html)

</td><td>

[errmsg.h:142](https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/errmsg.h#L142)

</td><td>1</td><td>2025-01-15 05:55pm</td></tr><tr><td colspan='6'><details><summary><a href='#'><img src='https://saas.mend.io/sast/favicon.png' width=15 height=15></a> Vulnerable Code</summary>

https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/errmsg.h#L137-L142

<details>
<summary>1 Data Flow/s detected</summary></br>


https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/errmsg.h#L142

</details>
</details>

<details>

<summary><a href='#'><img src='https://integration-api.securecodewarrior.com/explorer/favicon-32x32.png' width=15 height=15></a> Secure Code Warrior Training Material</summary>

● Training

&nbsp;&nbsp;&nbsp;▪ [Secure Code Warrior Out of Buffer Bounds Write Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/memory/buffer/cpp/vanilla)

● Videos

&nbsp;&nbsp;&nbsp;▪ [Secure Code Warrior Out of Buffer Bounds Write Video](https://media.securecodewarrior.com/v2/Module_56_Buffer_Overflow_v2.mp4)

</details>


<details><summary>:black_flag: Suppress Finding</summary>

- [ ] ... as False Alarm
- [ ] ... as Acceptable Risk

</details>


</td></tr><tr><td colspan='6'>&nbsp;</td></tr>

<tr><td><a href='#'><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20></a> Medium</td><td>Time of Check Time of Use</td><td>

[CWE-367](https://cwe.mitre.org/data/definitions/367.html)

</td><td>

[devmem.c:91](https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/devmem.c#L91)

</td><td>1</td><td>2025-01-15 05:55pm</td></tr><tr><td colspan='6'><details><summary><a href='#'><img src='https://saas.mend.io/sast/favicon.png' width=15 height=15></a> Vulnerable Code</summary>

https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/devmem.c#L86-L91

<details>
<summary>1 Data Flow/s detected</summary></br>


https://github.com/delphix/libkdumpfile/blob/0da5b3b2d7a8b69d348aa8fa29ce098d8ec5248c/src/kdumpfile/devmem.c#L91

</details>
</details>

<details>

<summary><a href='#'><img src='https://integration-api.securecodewarrior.com/explorer/favicon-32x32.png' width=15 height=15></a> Secure Code Warrior Training Material</summary>

● Training

&nbsp;&nbsp;&nbsp;▪ [Secure Code Warrior Time of Check Time of Use Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/blog/generic/cpp/vanilla)

● Videos

&nbsp;&nbsp;&nbsp;▪ [Secure Code Warrior Time of Check Time of Use Video](https://media.securecodewarrior.com/v2/Business_Logic_v2.mp4)

</details>


<details><summary>:black_flag: Suppress Finding</summary>

- [ ] ... as False Alarm
- [ ] ... as Acceptable Risk

</details>


</td></tr></tbody></table>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Code Security Report: 3 high severity findings, 4 total findings [develop] #37

Code Security Report

Scan Metadata

Finding Details

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Code Security Report: 3 high severity findings, 4 total findings [develop] #37

Description

Code Security Report

Scan Metadata

Finding Details

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions