1517 matches found
OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection
This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...
Following Dragons: Code Review-Guided Fuzzing
Modern fuzzers scale to large, real-world software but often fail to exercise the program states developers consider most fragile or security-critical. Such states are typically deep in the execution space, gated by preconditions, or overshadowed by lower-value paths that consume limited fuzzing...
SAFuzz: Semantic-Guided Adaptive Fuzzing for LLM-Generated Code
While AI-coding assistants accelerate software development, current testing frameworks struggle to keep pace with the resulting volume of AI-generated code. Traditional fuzzing techniques often allocate resources uniformly and lack semantic awareness of algorithmic vulnerability patterns, leading...
OSV-2026-212 UNKNOWN READ in gpsd_poll
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482617785 Crash type: UNKNOWN READ Crash state: gpsdpoll FuzzDriversStructured.c...
DyMA-Fuzz: Dynamic Direct Memory Access Abstraction for Re-Hosted Monolithic Firmware Fuzzing
The rise of smart devices in critical domains--including automotive, medical, industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains difficult due to the tight coupling of code with a...
fuzzing-portfolio-project
Fuzzing Portfolio Project: Heap Overflow Discovery Author:...
OSV-2026-205 UNKNOWN READ in gpsd_poll
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481932457 Crash type: UNKNOWN READ Crash state: gpsdpoll FuzzDrivers.c...
OSV-2026-196 Null-dereference READ in ubsan_GetStackTrace
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481752521 Crash type: Null-dereference READ Crash state: ubsanGetStackTrace...
OSV-2026-189 Global-buffer-overflow in gpsd_poll
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=480975802 Crash type: Global-buffer-overflow READ 1 Crash state: gpsdpoll FuzzDriversStructured.c...
OSV-2026-177 Security exception in org.apache.poi.util.IOUtils.safelyAllocate
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479908886 Crash type: Security exception Crash state: org.apache.poi.util.IOUtils.safelyAllocate org.apache.poi.hssf.record.RecordInputStream.readRemainder org.apache.poi.hssf.record.UnknownRecord...
SysFuSS: System-Level Firmware Fuzzing with Selective Symbolic Execution
Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach for identifying design flaws and security vulnerabilities,...
CVE-2025-1395
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proces...
OSV-2026-166 Use-of-uninitialized-value in ntrip_parse_url
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479908873 Crash type: Use-of-uninitialized-value Crash state: ntripparseurl FuzzClient.c...
CVE-2025-1395
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...
CVE-2025-1395
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...
CVE-2025-1395 Sensitive Data Exposure in CoDeriApp's HeyGarson
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...
CVE-2025-1395 Sensitive Data Exposure in CoDeriApp's HeyGarson
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...
CVE-2025-1395
The CVE-2025-1395 entry describes a vulnerability in Codriapp Innovation and Software Technologies Inc.’s HeyGarson where error messages may expose sensitive information. The issue is triggered by fuzzing for application mapping and affects HeyGarson up to 30012026. The available connected docume...
EUVD-2025-206579
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proces...
Rust and Go Directed Fuzzing with LibAFL-DiFuzz
In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying stati...