140 matches found
Input validation
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...
CVE-2022-36055 Denial of service in Helm
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...
CVE-2022-36055 Denial of service in Helm
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...
GHSA-7HFP-QFW3-5JXH Helm Vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...
Helm Vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...
Denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...
The Race to Secure eBPF for Windows
The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...
The Race to Secure eBPF for Windows
The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...
What is fuzz testing? What is it used to test for?
Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information FUZZ into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or...
OSV-2022-17 Heap-buffer-overflow in ap_is_chunked
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43371 Crash type: Heap-buffer-overflow READ 1 Crash state: apischunked fuzzutils.c...
OPENSUSE-SU-2021:0752-1 Security update for jhead
This update for jhead fixes the following issues: jhead was updated to 3.06.0.1 lot of fuzztest fixes Apply a whole bunch of patches from Debian. Spell check and fuzz test stuff from Debian, nothing useful to human users. Add option to set exif date from date from another file. Bug fixes relating...
Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale
Microsoft is dedicated to working with the community and our customers to continuously improve and tune our platform and products to help defend against the dynamic and sophisticated threat landscape. Earlier this year, we announced that we would replace the existing software testing experience...
monero:cold-outputs_fuzz_tests: Crash in tools::wallet2::import_outputs
Project: https://github.com/monero-project/monero.git Detailed Report: https://oss-fuzz.com/testcase?key=5443075625975808 Project: monero Fuzzing Engine: libFuzzer Fuzz Target: cold-outputsfuzztests Job Type: libfuzzerasanmonero Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...
skia:sksl2glsl: Segv on unknown address in std::__1::__unique_if<SkSL::IntLiteral>::__unique_single std::__1::make_unique<S
Project: https://skia.googlesource.com/skia.git Detailed Report: https://oss-fuzz.com/testcase?key=5706119457275904 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: sksl2glsl Job Type: libfuzzerasanskia Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...
OSV-2020-800 UNKNOWN READ in std::__1::__tree<std::__1::__value_type<std::__1::basic_string<char, std::__1::c
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24051 Crash type: UNKNOWN READ Crash state: std::1::tree, std::1...
OSS-Fuzz - Continuous Fuzzing Of Open Source Software
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of...
AFLplusplus
This is a code repository for AFLplusplus, a tool for fuzz testing and vulnerability discovery. The repository contains various files and directories related to the project, including configuration files, makefiles, and documentation. The repository is organized as follows: .clang-format is a...
Echidna - Ethereum Fuzz Testing Framework
Echidna is a weird creature that eats bugs and is highly electrosensitive with apologies to Jacob Stanley More seriously, Echidna is a Haskell library designed for fuzzing/property-based testing of EVM code. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety...
Successfully acquired WinRAR 19-year-old code-execution vulnerability-a vulnerability warning-the black bar safety net
In this paper, we describes how to use the WinAFL fuzz testing tool Find WinRAR in the logic error, and use it to completely control the volatile trap host story. The vulnerability only by extracting a carefully constructed archive file can be successfully exploited, so that more than 5 billion...
skia/api_mock_gpu_canvas: Heap-buffer-overflow in compute_pos_tan
Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5667344397893632 Project: skia Fuzzer: libFuzzerskiaapimockgpucanvas Fuzz target binary: apimockgpucanvas Job Type: libfuzzerasanskia Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash...