The most dangerous vulnerability is the one you can't see.
Source code static analysis for embedded software.
Find what's exploitable.
SecMate
Project: myfirmware
Grade: F
Vulnerabilities: 41 total (3 High, 12 Med, 26 Info)
Integer Underflow on buffer_read.c (CWE-191), myfirmware/src/buffer_read.c, High, 92% confidence
Classic Buffer Overflow on handler.c (CWE-120), myfirmware/src/handler.c, High, 88% confidence
Out-of-bounds Write on plugin.c (CWE-787), myfirmware/src/plugins/plugin.c, High, 85% confidence
See what attackers see.
Attack paths. Exploitability. Impact. Before they do.
For embedded software.
Finding what others miss.
src/coap_address.c (libcoap, excerpt; unrelated lines elided)

    coap_resolve_address_info(const coap_str_const_t *address,
                              uint16_t port,
                              uint16_t secure_port,
                              int ai_hints_flags) {
        /* ... */
        static char addrstr[256];
        int error;
        /* ... */
        memset(addrstr, 0, sizeof(addrstr));
        /* address->length is never compared against sizeof(addrstr):
           an address longer than 256 bytes overruns the static buffer */
        if (address && address->length)
            memcpy(addrstr, address->s, address->length);
        else
            memcpy(addrstr, "localhost", 9);
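Below, as an added example that is not libcoap's code and not part of the original page, is a bounds-checked replacement for the copy above. The coap_str_const_t definition and the names copy_address_checked and resolve_addrstr are assumptions made so the file compiles on its own; the 256-byte buffer and the "localhost" default follow the excerpt.

```c
/* Added example, not libcoap's code: a bounds-checked version of the addrstr
 * copy above. coap_str_const_t mirrors libcoap's {length, s} pair but is
 * defined here so the file compiles stand-alone. */
#include <stdint.h>
#include <string.h>

typedef struct {
    size_t length;      /* byte count; s is not NUL-terminated */
    const uint8_t *s;
} coap_str_const_t;

#define ADDRSTR_SIZE 256   /* same fixed size as the static addrstr above */

/* Copy an address into a fixed buffer and always NUL-terminate it.
 * Returns 0 on success, -1 when the input does not fit (the case the
 * original memcpy never checks). */
int copy_address_checked(const coap_str_const_t *address,
                         char *dst, size_t dst_size)
{
    const char *src = "localhost";          /* default, as in the original */
    size_t len = strlen(src);

    if (dst == NULL || dst_size == 0)
        return -1;
    if (address && address->length) {
        src = (const char *)address->s;
        len = address->length;
    }
    /* One byte is reserved for the terminator: a length equal to dst_size
     * would overwrite it, so reject len >= dst_size, not just len > dst_size. */
    if (src == NULL || len >= dst_size)
        return -1;

    memset(dst, 0, dst_size);
    memcpy(dst, src, len);
    return 0;
}

/* Same shape as the original: a 256-byte static buffer, but the caller gets
 * NULL instead of a silent overflow when the address is too long. */
const char *resolve_addrstr(const coap_str_const_t *address)
{
    static char addrstr[ADDRSTR_SIZE];
    if (copy_address_checked(address, addrstr, sizeof(addrstr)) != 0)
        return NULL;
    return addrstr;
}
```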
We trace the invisible.
Exploitable
Proof, not promises.
What's hidden in yours?
obgm · libcoap: Static Buffer Overflow in Address Resolution, CVE-2025-34468, score 8.2
obgm · libcoap: Out-of-Bounds Read in OSCORE Parsing, CVE-2025-59391, score 6.5
NASA · CryptoLib: Heap Buffer Overflow in MariaDB SA Hexstring Conversion, CVE-2026-22027, score 5.7
Your threats. Your workflow.
Your answers.
Your threat model.
Your product. Understood.
SecMate
Threat Model / System Context
Embedded firmware for industrial sensor. Handles CAN bus communication and OTA updates.
ARM Cortex-M4 microcontroller. Connected via CAN bus to PLC network.
TS-001 (CRITICAL)
Threat Agent: Network attacker on local segment
Attack Path: Intercept unsigned firmware payload and inject malicious code via buffer overflow
SAST Focus (CRITICAL): Input validation in binary parsing routines
firmware_parse_header processes untrusted input before signature check
In every pull request.
Catch it before production.
Open
feat: add OTA firmware update handler
developer wants to merge 1 commit into main from feature/ota-update
developer added a commit that references this issue just now
a3f8d2c fix: validate buffer length before memcpy
github-actions bot commented just now
SecMate's Security Review
Found 1 security issue to review:
1 HIGH
HIGH: Integer Underflow in buffer_read.c
firmware-demo/src/buffer_read.c:538
Description
The length parameter is used directly in memcpy without validation, allowing integer underflow when length is negative or exceeds buffer bounds.
0.92 confidence
How to fix
Add bounds validation before memcpy: if (length <= 0 || length > sizeof(buffer)) return -1;
Powered by SecMate, your security companion
Currently on GitHub. More integrations planned.
4 247 alerts. Only 4 real.
Your scanners. We make them useful.
Your alerts.
SAST Scanner
Findings: 4 247
Critical: 847
CWE-120 Buffer overflow (CRITICAL)
CWE-416 Use after free (HIGH)
CWE-190 Integer overflow (HIGH)
CWE-120 Buffer overflow (CRITICAL)
CWE-787 Out-of-bounds write (HIGH)
CWE-416 Use after free (HIGH)
CWE-122 Heap overflow (CRITICAL)
CWE-125 Out-of-bounds read (MEDIUM)
... and 4 239 more
Answered.
SecMate
4 validated, 0 false positives
RCE via buffer overflow: EXPLOITABLE (src/net.c:538, Reachable from API, 94% confidence)
Memory corruption: EXPLOITABLE (src/mem.c:127, 2-hop path, 87% confidence)
Out-of-bounds write: BUG ONLY (src/buf.c:201, Not reachable, 91% confidence)
Use after free: BUG ONLY (src/alloc.c:45, Dead code path, 88% confidence)
2 exploitable. 2 bugs. 4 243 false positives.
Works with Semgrep, Coverity, SonarQube, Snyk, CodeQL and more.
Your code. Your choice.
Two choices. Same results.
Option 1: SaaS. We host. You scan.
Your code → SecMate Cloud (OpenAI, Google, Mistral, Anthropic) → Results only
Option 2: Self-hosted. You host. Full control.
Your Infrastructure: Your code → Your SecMate → Your LLMs (Local models, Private cloud)
Answers.
C, C++, Rust, Python, TypeScript, and Java.