Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libnet-libdnet-perl-0.98/c/intf_entry.c Examining data/libnet-libdnet-perl-0.98/c/arp_entry.c Examining data/libnet-libdnet-perl-0.98/c/fw_rule.c Examining data/libnet-libdnet-perl-0.98/c/route_entry.c FINAL RESULTS: data/libnet-libdnet-perl-0.98/c/arp_entry.c:67:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->arp_pa), &a, sizeof(struct addr)); data/libnet-libdnet-perl-0.98/c/arp_entry.c:76:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->arp_ha), &a, sizeof(struct addr)); data/libnet-libdnet-perl-0.98/c/fw_rule.c:79:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->fw_device), SvPV(*r, PL_na), sizeof(ref->fw_device)); data/libnet-libdnet-perl-0.98/c/fw_rule.c:99:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->fw_src), &a, sizeof(struct addr)); data/libnet-libdnet-perl-0.98/c/fw_rule.c:108:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->fw_dst), &a, sizeof(struct addr)); data/libnet-libdnet-perl-0.98/c/intf_entry.c:99:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->intf_name), SvPV(*name, PL_na), data/libnet-libdnet-perl-0.98/c/intf_entry.c:120:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->intf_addr), &a, sizeof(struct addr)); data/libnet-libdnet-perl-0.98/c/intf_entry.c:129:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->intf_dst_addr), &a, sizeof(struct addr)); data/libnet-libdnet-perl-0.98/c/intf_entry.c:138:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->intf_link_addr), &a, sizeof(struct addr)); data/libnet-libdnet-perl-0.98/c/route_entry.c:59:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->route_dst), &a, sizeof(struct addr)); data/libnet-libdnet-perl-0.98/c/route_entry.c:68:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ref->route_gw), &a, sizeof(struct addr)); ANALYSIS SUMMARY: Hits = 11 Lines analyzed = 447 in approximately 0.10 seconds (4423 lines/second) Physical Source Lines of Code (SLOC) = 311 Hits@level = [0] 0 [1] 0 [2] 11 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 11 [1+] 11 [2+] 11 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 35.3698 [1+] 35.3698 [2+] 35.3698 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.