SQ14121
Detected Windows executable files that might not cover all statically linked libraries with safe exception handling vulnerability mitigation.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | medium | medium | None | hardening: warning Reason: ineffective mitigations found |
About the issueโ
Safe Exception Handling (/SAFESEH) protects the code flow integrity by ensuring that exceptions are handled only by vetted functions. This mitigation is detected as enabled, but its effectiveness is impacted by the use of outdated precompiled code. It was determined that the application had been linked against static libraries produced by multiple toolchain versions. Because some of them predate the general availability of the safe exception handlers, it is likely that protection coverage gaps exist.
How to resolve the issueโ
- Recompile statically linked libraries with the same programming language toolchain version.
- In Microsoft VisualStudio, you can enable safe exception handling mitigation by passing the /SAFESEH parameter to the linker.
Incidence statisticsโ
Not relevant for this type of issue.
Recommended readingโ
- What is Exception Handling? (External resource - SoftCo)
- /SAFESEH (Image has Safe Exception Handlers) (External resource - Microsoft)
- A journey across static and dynamic libraries (External resource - internalpointers)