1517 matches found
On the Effectiveness of Mutational Grammar Fuzzing
Posted by Ivan Fratric Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a way that any resulting samples still adhere to the grammar rules, thus the...
OSV-2026-343 Heap-buffer-overflow in pcre2_compile_32
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=488713937 Crash type: Heap-buffer-overflow WRITE 4 Crash state: pcre2compile32 pcre2fuzzsupport.c...
curl: RTSP RTP Interleaved Parser Assertion Failure (Zero-Length RTP Payload)
Summary: I am submitting this as a security issue primarily due to how it was discovered and that it's my first Curl submission, but I suspect I might be overly cautious here. This issue was discovered as part of the AIXCC competition, and I am assisting on reporting true positive findings to...
RandSet: Randomized Corpus Reduction for Fuzzing Seed Scheduling
Seed explosion is a fundamental problem in fuzzing seed scheduling, where a fuzzer maintains a huge corpus and fails to choose promising seeds. Existing works focus on seed prioritization but still suffer from seed explosion since corpus size remains huge. We tackle this from a new perspective:...
OSV-2026-301 Use-of-uninitialized-value in pcpp::IPv6Extension::getExtensionLen
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486705308 Crash type: Use-of-uninitialized-value Crash state: pcpp::IPv6Extension::getExtensionLen pcpp::IPv6Layer::parseExtensions pcpp::IPv6Layer::IPv6Layer...
MulCovFuzz: A Multi-Component Coverage-Guided Greybox Fuzzer for 5G Protocol Testing
As mobile networks transition to 5G infrastructure, ensuring robust security becomes more important due to the complex architecture and expanded attack surface. Traditional security testing approaches for 5G networks rely on black-box fuzzing techniques, which are limited by their inability to...
APFuzz: Towards Automatic Greybox Protocol Fuzzing
Greybox protocol fuzzing is a random testing approach for stateful protocol implementations, where the input is protocol messages generated from mutations of seeds, and the search in the input space is driven by the feedback on coverage of both code and state. State model and message model are th...
GHSA-V7G2-M8C5-MF84 ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder
A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate 674 GB of memory, leading to an out-of-memory abort. Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer...
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder
A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate 674 GB of memory, leading to an out-of-memory abort. Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer...
FuzzySQL: Uncovering Hidden Vulnerabilities in DBMS Special Features with LLM-Driven Fuzzing
Traditional database fuzzing techniques primarily focus on syntactic correctness and general SQL structures, leaving critical yet obscure DBMS features, such as system-level modes e.g., GTID, programmatic constructs e.g., PROCEDURE, advanced process commands e.g., KILL, largely underexplored...
Automatic, Expressive, and Scalable Fuzzing with Stitching
Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test. Approaches that instead explore new sequences dynamically lack the...
“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
A Cisco Talos researcher worked around the limitations of hardware-level Code Read-out Protection RDP on the Socomec DIRIS M-70 gateway by pivoting from physical debugging to a "good enough" emulation approach. By focusing on emulating only the single thread responsible for Modbus protocol handli...
OSV-2026-259 Use-of-uninitialized-value in tsip_parse_input
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=484859694 Crash type: Use-of-uninitialized-value Crash state: tsipparseinput gpsdpoll FuzzDrivers.c...
OSV-2026-255 UNKNOWN WRITE in nmeaid_to_prn
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=484666533 Crash type: UNKNOWN WRITE Crash state: nmeaidtoprn processGSV nmeaparse...
OSV-2026-242 Use-of-uninitialized-value in ntrip_parse_url
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=483900342 Crash type: Use-of-uninitialized-value Crash state: ntripparseurl FuzzClient.c...
CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...
CVE-2020-37104 ASTPP 4.0.1 VoIP Billing - Database Backup Download
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...
CVE-2020-37104
CVE-2020-37104 affects ASTPP 4.0.1 and describes an information disclosure where unauthenticated attackers can download database backup files by predicting 6‑digit PINs and fuzzing the backup download URL under /database_backup/. The vulnerability relates to information exposure of sensitive data...
Exploit for Path Traversal in Apache Http_Server
🔥 LFI-Destroyer – Authorized Penetration Testing Framework LFI-D...
PT-2026-7668
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...