PT-2022-36745 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue, as reported by OSS-Fuzz. The crash state includes Ins MSIRP, RunIns, and Instance Reset. No information is available about the estimated...

RUSTSEC-2022-0079 ELF header parsing library doesn't check for valid offset

The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...

PT-2025-38424

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stack overflow issue was resolved in the crypto/hisilicon/qm module of the Linux kernel. The vulnerability occurs due to insufficient bounds checking during the use of sscanf,...

SUSE SLES15 Security Update : helm (SUSE-SU-2022:3666-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3666-1 advisory. - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. CVE-2022-1996 - Helm i...

PT-2022-37312 · Skia · Skia

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details include the crash type being a Heap-buffer-overflow READ 4, and the crash...

PT-2022-37273 · Git +1 · Hunspell

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash reported by OSS-Fuzz, with a Segv on an unknown address. The crash occurs in the HashMgr class, specifically in the add...

CVE-2022-36055

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...

Input validation

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...

CVE-2022-36055 Denial of service in Helm

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...

CVE-2022-36055 Denial of service in Helm

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...

Helm Vulnerable to denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...

GHSA-7HFP-QFW3-5JXH Helm Vulnerable to denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...

Denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...

The Race to Secure eBPF for Windows

The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...

The Race to Secure eBPF for Windows

The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...

What is fuzz testing? What is it used to test for?

Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information FUZZ into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or...

OSV-2022-17 Heap-buffer-overflow in ap_is_chunked

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43371 Crash type: Heap-buffer-overflow READ 1 Crash state: apischunked fuzzutils.c...

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

Microsoft is dedicated to working with the community and our customers to continuously improve and tune our platform and products to help defend against the dynamic and sophisticated threat landscape. Earlier this year, we announced that we would replace the existing software testing experience...

monero:cold-outputs_fuzz_tests: Crash in tools::wallet2::import_outputs

Project: https://github.com/monero-project/monero.git Detailed Report: https://oss-fuzz.com/testcase?key=5443075625975808 Project: monero Fuzzing Engine: libFuzzer Fuzz Target: cold-outputsfuzztests Job Type: libfuzzerasanmonero Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...

skia:sksl2glsl: Segv on unknown address in std::__1::__unique_if<SkSL::IntLiteral>::__unique_single std::__1::make_unique<S

Project: https://skia.googlesource.com/skia.git Detailed Report: https://oss-fuzz.com/testcase?key=5706119457275904 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: sksl2glsl Job Type: libfuzzerasanskia Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...