MobSF Security scan issues
pnaandi99 opened this issue · 1 comments
pnaandi99 commented
Hi @stasel, we recently conducted a security scan using the MobSF security framework and identified a few security vulnerabilities, mentioned below.
- Binary makes use of insecure API(s) - The binary may contain the following insecure API(s): _fopen, _memcpy, _printf, _sscanf, _strcpy, _strlen, _strncpy
- Binary makes use of malloc function
- Application binary has rpath set - The binary has Runpath Search Path (@rpath) set. In certain cases an attacker can abuse this feature to run arbitrary executable for code execution and privilege escalation. Remove the compiler option -rpath to remove @rpath.
Please advise of remediation plans for these issues. Happy to provide additional information/context. Thanks!
stasel commented
Hi @pnaandi99
Thank you for reporting this issue.
Unfortunately, I cannot take any responsibility for the implementation of the library. This repository is compiling the unmodified source code.
If you have security concerns about the WebRTC implementation, it is a good idea to reach out to discuss-webrtc group for more information.
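
The rpath finding quoted in the report above can be checked directly against a binary by reading its LC_RPATH load commands. The following is an added example, not part of the original thread and not code from MobSF or this repository; the function names are hypothetical, the sample bytes are constructed, and it handles thin little-endian Mach-O files only.

```python
import struct

MH_MAGIC_32, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF  # thin Mach-O magics
LC_RPATH = 0x8000001C                               # 0x1c | LC_REQ_DYLD

def list_rpaths(data: bytes) -> list:
    """Return the path of every LC_RPATH load command in a thin Mach-O image."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic, = struct.unpack_from("<I", data, 0)
    if magic not in (MH_MAGIC_32, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O (split fat files first)")
    header_size = 32 if magic == MH_MAGIC_64 else 28
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    offset, end = header_size, header_size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    rpaths = []
    for _ in range(ncmds):
        if offset + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_RPATH:
            # rpath_command: cmd, cmdsize, then the string's offset from the command start
            if cmdsize < 12:
                raise ValueError("LC_RPATH command too small")
            path_off, = struct.unpack_from("<I", data, offset + 8)
            if not 12 <= path_off < cmdsize:
                raise ValueError("bad rpath string offset")
            raw = data[offset + path_off:offset + cmdsize]
            rpaths.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        offset += cmdsize
    return rpaths

def unanchored_rpaths(rpaths):
    """Triage heuristic (an assumption): keep entries not relative to the binary itself."""
    return [p for p in rpaths if not p.startswith(("@executable_path", "@loader_path"))]

def build_sample() -> bytes:
    """Constructed 64-bit header with two LC_RPATH commands, for demonstration only."""
    cmds = b""
    for path in (b"@executable_path/Frameworks", b"/usr/local/lib"):
        body = path + b"\0"
        body += b"\0" * (-(12 + len(body)) % 8)   # pad the command to 8 bytes
        cmds += struct.pack("<III", LC_RPATH, 12 + len(body), 12) + body
    return struct.pack("<IiiIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 2, len(cmds), 0, 0) + cmds
```

On a real build, pass the bytes of the compiled binary to `list_rpaths` and review what `unanchored_rpaths` returns.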