6 matches found
OSV-2023-1364 Heap-buffer-overflow in processClientServerHello
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65362 Crash type: Heap-buffer-overflow READ 2 Crash state: processClientServerHello processTLSBlock ndpisearchtlsudp...
GO-2023-2160 Panic during QUIC handshake in github.com/quic-go/quic-go
The QUIC handshake can cause a panic when processing a certain sequence of frames. A malicious peer can deliberately trigger this panic...
GHSA-8R7Q-R9MX-35RH Mishandling of format strings in rusqlite
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings...
go-dns:fuzz_msg_unpack: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5674594752266240 Project: go-dns Fuzzing Engine: libFuzzer Fuzz Target: fuzz_msg_unpack Job Type: libfuzzerasango-dns Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000003ee72 Crash State: NULL Sanitizer: address ASAN Recommended...
Arbitrary Code Execution
Firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox...
file: Use-of-uninitialized-value in cdf_file_property_info
Project: https://github.com/file/file.git Detailed report: https://oss-fuzz.com/testcase?key=6035205854855168 Project: file Fuzzer: libFuzzerfilemagicfuzzer Fuzz target binary: magicfuzzer Job Type: libfuzzermsanfile Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...