up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
This commit is contained in:
StellaOps Bot
@@ -0,0 +1,56 @@
|
||||
{
|
||||
"schema_version": "patch-oracle/v1",
|
||||
"id": "curl-CVE-2023-38545-socks5-heap-reachable",
|
||||
"case_ref": "curl-CVE-2023-38545-socks5-heap",
|
||||
"variant": "reachable",
|
||||
"description": "Validates that the SOCKS5 heap overflow vulnerability path is reachable from network handler to vulnerable sink",
|
||||
"expected_functions": [
|
||||
{
|
||||
"symbol_id": "sym://net:handler#read",
|
||||
"kind": "entrypoint",
|
||||
"required": true,
|
||||
"reason": "Network read handler is the entry point for external data"
|
||||
},
|
||||
{
|
||||
"symbol_id": "sym://curl:curl.c#entry",
|
||||
"kind": "function",
|
||||
"required": true,
|
||||
"reason": "SOCKS5 protocol handling entry point"
|
||||
},
|
||||
{
|
||||
"symbol_id": "sym://curl:curl.c#sink",
|
||||
"kind": "function",
|
||||
"required": true,
|
||||
"reason": "Vulnerable buffer handling function"
|
||||
}
|
||||
],
|
||||
"expected_edges": [
|
||||
{
|
||||
"from": "sym://net:handler#read",
|
||||
"to": "sym://curl:curl.c#entry",
|
||||
"kind": "call",
|
||||
"min_confidence": 0.8,
|
||||
"required": true,
|
||||
"reason": "Data flows from network handler to SOCKS5 handler"
|
||||
},
|
||||
{
|
||||
"from": "sym://curl:curl.c#entry",
|
||||
"to": "sym://curl:curl.c#sink",
|
||||
"kind": "call",
|
||||
"min_confidence": 0.8,
|
||||
"required": true,
|
||||
"reason": "SOCKS5 handler invokes vulnerable buffer function"
|
||||
}
|
||||
],
|
||||
"expected_roots": [
|
||||
{
|
||||
"id": "sym://net:handler#read",
|
||||
"phase": "runtime",
|
||||
"required": true,
|
||||
"reason": "Network handler is the runtime entry point"
|
||||
}
|
||||
],
|
||||
"min_confidence": 0.5,
|
||||
"strict_mode": false,
|
||||
"created_at": "2025-12-13T00:00:00Z"
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
{
|
||||
"schema_version": "patch-oracle/v1",
|
||||
"id": "curl-CVE-2023-38545-socks5-heap-unreachable",
|
||||
"case_ref": "curl-CVE-2023-38545-socks5-heap",
|
||||
"variant": "unreachable",
|
||||
"description": "Validates that the SOCKS5 heap overflow vulnerability path is NOT reachable when SOCKS5 is disabled",
|
||||
"expected_functions": [
|
||||
{
|
||||
"symbol_id": "sym://net:handler#read",
|
||||
"kind": "entrypoint",
|
||||
"required": true,
|
||||
"reason": "Network read handler still exists but cannot reach vulnerable code"
|
||||
}
|
||||
],
|
||||
"expected_edges": [],
|
||||
"forbidden_functions": [
|
||||
{
|
||||
"symbol_id": "sym://curl:curl.c#sink",
|
||||
"reason": "Vulnerable sink should not be in call graph when SOCKS5 disabled"
|
||||
}
|
||||
],
|
||||
"forbidden_edges": [
|
||||
{
|
||||
"from": "sym://curl:curl.c#entry",
|
||||
"to": "sym://curl:curl.c#sink",
|
||||
"reason": "This edge should not exist when SOCKS5 is disabled"
|
||||
}
|
||||
],
|
||||
"min_confidence": 0.5,
|
||||
"strict_mode": false,
|
||||
"created_at": "2025-12-13T00:00:00Z"
|
||||
}
|
||||
Reference in New Issue
Block a user