stasel/WebRTC

MobSF Security scan issues

pnaandi99 opened this issue · 1 comments

Hi @stasel. We recently conducted a security scan using the MobSF security framework and identified a few security vulnerabilities, mentioned below.

  1. Binary makes use of insecure API(s) - The binary may contain the following insecure API(s): _fopen, _memcpy, _printf, _sscanf, _strcpy, _strlen, _strncpy
  2. Binary makes use of malloc function
  3. Application binary has rpath set - The binary has Runpath Search Path (@rpath) set. In certain cases an attacker can abuse this feature to run arbitrary executable for code execution and privilege escalation. Remove the compiler option -rpath to remove @rpath.

Please advise of remediation plans for these issues. Happy to provide additional information/context. Thanks!

Hi @pnaandi99
Thank you for reporting this issue.
Unfortunately, I cannot take any responsibility for the implementation of the library. This repository is compiling the unmodified source code.

If you have security concerns about the WebRTC implementation, it is a good idea to reach out to the discuss-webrtc group for more information.
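
The rpath finding (item 3 in the issue) can be checked independently of the scanner by reading the LC_RPATH load commands of the Mach-O binary and reviewing the directories they name. The following is an added example, not code from this thread, from MobSF or from the WebRTC project; it handles thin little-endian Mach-O images only, and the sample binary is constructed in `build_sample` for illustration.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_UUID = 0x1B
LC_RPATH = 0x8000001C  # 0x1c | LC_REQ_DYLD

def list_rpaths(data: bytes) -> list[str]:
    """Return the LC_RPATH entries of a thin little-endian Mach-O image."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O (slice fat files first)")
    header_size = 32 if magic == MH_MAGIC_64 else 28
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    end = header_size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    rpaths, off = [], header_size
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("load command size out of bounds")
        if cmd == LC_RPATH:
            if cmdsize < 12:
                raise ValueError("LC_RPATH too small")
            # The path is stored at an offset relative to the command start.
            (path_off,) = struct.unpack_from("<I", data, off + 8)
            if not 12 <= path_off < cmdsize:
                raise ValueError("LC_RPATH path offset out of bounds")
            raw = data[off + path_off : off + cmdsize]
            rpaths.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        off += cmdsize
    return rpaths

def build_sample(with_rpath: bool = True) -> bytes:
    """Constructed header-only Mach-O: an LC_UUID and, optionally, an LC_RPATH."""
    cmds = [struct.pack("<II", LC_UUID, 24) + bytes(16)]
    if with_rpath:
        path = b"@executable_path/Frameworks\0"
        path += b"\0" * (-(12 + len(path)) % 8)  # pad cmdsize to 8 bytes
        cmds.append(struct.pack("<III", LC_RPATH, 12 + len(path), 12) + path)
    body = b"".join(cmds)
    # magic, cputype (arm64), cpusubtype, filetype (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    return struct.pack("<IiiIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, len(cmds), len(body), 0, 0) + body

if __name__ == "__main__":
    print(list_rpaths(build_sample()))
```
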