This small article is an intermediate result of a search on a topic of already known vulnerabilities in open source C# projects. I wanted to look at the examples of code that was vulnerable, which has been the cause of a regular CVE appearing, but it turned out that it was not that easy...
I have already faced a similar issue regarding the C and C++ programming languages, and I would like to make a small reference to previous work, so that the question of the matter rendered in title, became more understandable.
I will not go into detail, I will just give a description in a few sentences. A previous aim was similar - to see which CVE were found in open source C/C++ projects and find out if PVS-Studio was able to find such problems. According to the results of the work, I found several interesting vulnerabilities (if I continued working in that direction, I'm sure, I would find even more), which could have been prevented in case of using PVS-Studio. The experiment ended successfully, and, on this basis, I wrote an article "How Can PVS-Studio Help in the Detection of Vulnerabilities?".
A convenient advantage was that in the CVE description the references to commits, closing a vulnerability, were often included. Thus, looking through the history of code changes, you could understand what was the vulnerability, and the way it was closed. As a result, the issue was about finding something interesting among these corrections.
In summary, there are several points that make the CVE outstanding as convenient for a check:
If CVE meets these requirements, most likely it will be available for detection using static analysis of the source code.
I had made several tries from different sides towards finding vulnerabilities in open source C# projects, but they all have not produced the expected outcome.
Here are the basic approaches that I have used:
To my great surprise, none of these approaches has yielded the desired result, as a tiny number of vulnerabilities was found, which had links to the source code, so that you could accurately understand the point of the problem.
Having experience of working with such projects on C/C++, I was really surprised by a small number of documented vulnerabilities of C# projects in CVE database at all.
In general, I was surprised with this situation regarding vulnerabilities in C# projects. Why so few of them? Why are there few examples of vulnerabilities that have been closed?
Is the situation actually as it is? Or was there some flaw in my approaches, which did not let me get the desired result?
If you have examples of vulnerable code (documented, i.e. which has a CVE identifier) or you noticed some apparent flaw in my approach, not allowing obtaining the expected results, please, email me at the address email@example.com, I will read your suggestions/comments with a great interest.
Below I would like to give a list of vulnerabilities that had both the CVE identifier, and examples of vulnerable code. Perhaps, they will be interesting/useful for someone. Also, if you would like to offer a link on an example of code vulnerabilities in a email, please, make sure that the identifier is not in the following list.
There is no fragment in program code where you cannot make mistakes. You may actually make them in very simple fragments. While programmers have worked out the habit of testing algorithms, data exchange mechanisms and interfaces, it's much worse concerning security testing. It is often implemented on the leftover principle. A programmer is thinking: "I just write a couple of ...