Report a Trophy #286
Comments
@andreafioraldi 12 new CVEs in FreeRDP: CVE-2020-13396. More info at https://securitylab.github.com/research/fuzzing-sockets-FreeRDP. Regards
Cool!
Here's a trophy -- took maybe an hour to write a test harness: mjansson/mdns@4c64fba
Recently I discovered the following bugs using AFL++.

- FFmpeg: HEVC NULL pointer dereference
- GNOME: Mishandle NULL pointer in the xps converter
- GNU core utilities: Heap underflow when expr(1) mishandles unmatched
- QEMU: CVE-2020-29129, CVE-2020-29130 OOB access while processing ARP/NCSI packets in SLiRP

Thank you!
The ticket number of coreutils' bug is Bug 1919775. But this ticket is now private, since the Red Hat guys and I thought this was a security-related flaw (the upstream developers disagree with it). It will be public in the future. Btw, could you change the name? Thank you!
Yes, I just put your GitHub nick, will change ASAP.
CVE-2021-27804: multiple vulnerabilities in jpeg-xl
Can you please share the exact AFL++ config that you used to discover this vulnerability? CmpLog, ASan, or others?
That was a mix of 16 AFL++ instances: 2 with CmpLog, 1 with laf-intel, the rest a mix of with/without -Z, -L0, -p schedule, no testcase trimming, etc. With their last release I could trigger crashes with just a few minutes of runtime, but did not report any more as they were not flagging any of the releases (where they fixed my reports) as security relevant. Initially you will need quite some hours until you have a good corpus (and you need to create proper input files as well for that).
Thanks. I heard that ASan has a good impact on fuzzing, as it makes the fuzzing more sensitive to memory corruption bugs. Do you mean it isn't required anymore for detecting this class of bugs and CmpLog is enough?
If a memory corruption does not result in a crash, then this is something ASan will find. If it crashes anyway, then ASan doesn't help. I usually have 1 ASan instance in the fuzzing campaign. Note that libFuzzer needs ASan to solve fuzzing constraints; AFL++ doesn't.
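The campaign layout described in the two replies above, written out as a script. This is an added example, not code from this thread or from the AFL++ project; the target binary names (`./target`, `./target.cmplog`, `./target.laf`, `./target.asan`), the corpus and output paths, the `@@` invocation and the use of tmux are assumptions, and the particular way options are spread over the secondary instances is one arbitrary mix, not a recommendation from the thread.

```shell
#!/bin/sh
# Added example, not from this thread or the AFL++ project: lay out a 16-instance
# AFL++ campaign of the shape described above (1 main, 2 CmpLog, 1 laf-intel
# build, 1 ASan build, the rest secondaries varying -Z, -L 0, -p <schedule> and
# test-case trimming). Binary names, paths and the "@@" invocation are assumptions.
#
# Assumed build artifacts, all compiled with afl-clang-fast:
#   ./target         plain instrumented build
#   ./target.cmplog  built with AFL_LLVM_CMPLOG=1, handed to afl-fuzz via -c
#   ./target.laf     built with AFL_LLVM_LAF_ALL=1 (split comparisons)
#   ./target.asan    built with AFL_USE_ASAN=1 (catches silent memory corruption)
IN=${IN:-./corpus}   # seed inputs (the thread stresses these must be well formed)
OUT=${OUT:-./out}    # shared sync directory for all instances
ARGS=${ARGS:-@@}     # target arguments; @@ is replaced by the input file

# afl_cmd N: print the afl-fuzz command line for instance N (1..16).
afl_cmd() {
  n=$1
  case $n in
    1) echo "afl-fuzz -i $IN -o $OUT -M main -- ./target $ARGS" ;;
    2) echo "afl-fuzz -i $IN -o $OUT -S cmplog1 -c ./target.cmplog -l 2 -- ./target $ARGS" ;;
    3) echo "afl-fuzz -i $IN -o $OUT -S cmplog2 -c ./target.cmplog -l 3 -- ./target $ARGS" ;;
    4) echo "afl-fuzz -i $IN -o $OUT -S laf -- ./target.laf $ARGS" ;;
    5) echo "afl-fuzz -i $IN -o $OUT -S asan -- ./target.asan $ARGS" ;;
    *)
      # Remaining secondaries: derive a different option mix from the index so
      # that no two instances walk the queue the same way.
      opts=""
      if [ $((n % 2)) -eq 1 ]; then opts="$opts -Z"; fi          # sequential queue selection
      if [ $(( (n / 2) % 2 )) -eq 1 ]; then opts="$opts -L 0"; fi  # MOpt mutator from the start
      case $((n % 5)) in
        0) opts="$opts -p fast" ;;
        1) opts="$opts -p explore" ;;
        2) opts="$opts -p exploit" ;;
        3) opts="$opts -p rare" ;;
        4) opts="$opts -p seek" ;;
      esac
      envp=""
      if [ $((n % 3)) -eq 0 ]; then envp="AFL_DISABLE_TRIM=1 "; fi  # skip test-case trimming
      echo "${envp}afl-fuzz -i $IN -o $OUT -S sec$n$opts -- ./target $ARGS" ;;
  esac
}

# campaign: print all 16 command lines (dry run), or with RUN=1 start each one
# in a detached tmux session named afl1..afl16. All instances share $OUT, so
# the main instance picks up the secondaries' findings through the sync dir.
campaign() {
  i=1
  while [ "$i" -le 16 ]; do
    cmd=$(afl_cmd "$i")
    if [ "${RUN:-0}" = 1 ]; then
      tmux new-session -d -s "afl$i" "$cmd"
    else
      echo "$cmd"
    fi
    i=$((i + 1))
  done
}

campaign
```

Run it without arguments to review the 16 command lines, then `RUN=1 ./campaign.sh` to start them. Only one instance is built with ASan, matching the reply above: the plain builds already catch anything that crashes, and the ASan build is there for corruption that would otherwise pass silently, at the cost of that instance running slower.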
PostgreSQL: Crash while parsing zero-symbols in jsonb string representation. Found by me: Nikolay Shaplov (Postgres Professional)
Nodejs: Best regards, Alexander! |
…ent), added commas to the lists of bugs
Added @a-shvedov 's info to the site as pull-request. |
@andreafioraldi Found a CVE in zlog library using AFL++ |
Added this to AFLplusplus/Website#8, hope somebody will merge it eventually...
Comment here if you found bugs using AFL++ and want to be listed in the trophies section.
The trophies section is on the main page of the website: https://aflplus.plus/#trophies