13 lines
871 B
Plaintext
13 lines
871 B
Plaintext
Using sockets is security-sensitive. It has led in the past to the following vulnerabilities:
|
|
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1785[CVE-2011-178]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645[CVE-2017-5645]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6597[CVE-2018-6597]
|
|
|
|
Sockets are vulnerable in multiple ways:
|
|
|
|
* They enable a software to interact with the outside world. As this world is full of attackers it is necessary to check that they cannot receive sensitive information or inject dangerous input.
|
|
* The number of sockets is limited and can be exhausted. Which makes the application unresponsive to users who need additional sockets.
|
|
|
|
This rules flags code that creates sockets. It matches only the direct use of sockets, not use through frameworks or high-level APIs such as the use of http connections.
|