We use dependency-check to do our OWASP dependency check but it now fails with the following report:
<testsuite failures="9" errors="0" time="0" id="15" name="" package="MonkeyCache.FileStore:3.0.0-beta" skipped="0" tests="9" timestamp="2025-01-20T10:29:02.5891322">
<testcase classname="CVE-2007-1536" name="pkg:nuget/[email protected]">
<failure message="cvssV2: HIGH, score: 9.3 (/AV:N/AC:M/Au:N/C:C/I:C/A:C)"/>
<system-out>Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
<testcase classname="CVE-2019-18218" name="pkg:nuget/[email protected]">
<failure message="cvssV3: HIGH, score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A)"/>
<system-out>cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
<testcase classname="CVE-2014-9653" name="pkg:nuget/[email protected]">
<failure message="cvssV2: HIGH, score: 7.5 (/AV:N/AC:L/Au:N/C:P/I:P/A:P)"/>
<system-out>readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
<testcase classname="CVE-2014-8117" name="pkg:nuget/[email protected]">
<failure message="cvssV2: MEDIUM, score: 5.0 (/AV:N/AC:L/Au:N/C:N/I:N/A:P)"/>
<system-out>softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
<testcase classname="CVE-2014-9652" name="pkg:nuget/[email protected]">
<failure message="cvssV2: MEDIUM, score: 5.0 (/AV:N/AC:L/Au:N/C:N/I:N/A:P)"/>
<system-out>The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
<testcase classname="CVE-2014-2270" name="pkg:nuget/[email protected]">
<failure message="cvssV2: MEDIUM, score: 4.3 (/AV:N/AC:M/Au:N/C:N/I:N/A:P)"/>
<system-out>softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
<testcase classname="CVE-2014-3479" name="pkg:nuget/[email protected]">
<failure message="cvssV2: MEDIUM, score: 4.3 (/AV:N/AC:M/Au:N/C:N/I:N/A:P)"/>
<system-out>The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
<testcase classname="CVE-2014-3480" name="pkg:nuget/[email protected]">
<failure message="cvssV2: MEDIUM, score: 4.3 (/AV:N/AC:M/Au:N/C:N/I:N/A:P)"/>
<system-out>The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
<testcase classname="CVE-2014-3487" name="pkg:nuget/[email protected]">
<failure message="cvssV2: MEDIUM, score: 4.3 (/AV:N/AC:M/Au:N/C:N/I:N/A:P)"/>
<system-out>The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.</system-out>
<system-err>location: , project-references: [ ]</system-err>
</testcase>
</testsuite>
Could you maybe look into this?
Thanks in advance!
Kind regards,
Bente