https://github.com/openssh/openssh-portable/pull/266
Opened by: Artem Shchelkunov
Found by: Svace
Project: openssh-portable
Description: memory leak
Fix memory leak bug by Shchelk · Pull Request #266 · openssh/openssh-portable
The pointer to the allocated memory is overwritten and lost on line 889
https://github.com/luigirizzo/netmap/pull/808
Opened by: Artem Shchelkunov
Found by: Svace
Project: netmap
Description: Use of vulnerable function 'sprintf' at netmap
used snprintf function instead of sprintf by Shchelk · Pull Request #808 · luigirizzo/netmap
sprintf function is unsafe, used snprintf instead
https://github.com/squid-cache/squid/pull/878
Opened by: Artem Shchelkunov
Found by: Svace
Project: squid
Description: nil pointer dereference
Fix Cache Digest nil and cbdata-invalid pointer dereferences by Shchelk · Pull Request #878 · squid-cache/squid
The nil pointer dereference detected by Svace static analysis tool:
warn: NULL_AFTER_DEREF
Pointer 'fetch->pd' which was dereferenced at peer_digest.cc:702 is
compared to NUL...
https://github.com/luigirizzo/netmap-ipfw/pull/10
Opened by: Artem Shchelkunov
Found by: Svace
Project: netmap-ipfw
Description: comparison of identical expressions
fixed bug found by static analyzer by Shchelk · Pull Request #10 · luigirizzo/netmap-ipfw
Fixed bug that was found by static code analyzer
Comparison of identical expressions always evaluates to false at ip_fw_sockopt.c#L2348
https://github.com/OISF/suricata/pull/6291
Opened by: Artem Shchelkunov
Found by: Svace
Project: suricata
Description: logic operator precedence in assignment can produce an unexpected result
fix: closing bracket was at wrong place by Shchelk · Pull Request #6291 · OISF/suricata
This bug was found by svace static code analyzer
warn: OP_PRECEDENCE_ASSIGN_CMP
msg: Logic operator precedence in assignment can produce an unexpected result
https://github.com/NLnetLabs/unbound/pull/523
Opened by: Artem Shchelkunov
Found by: Svace
Project: unbound
Description: double free
State: Closed
fix: free() call more than once with the same pointer by Shchelk · Pull Request #523 · NLnetLabs/unbound
If in the function 'parse_create_msg' the calls to 'reply_info_alloc_rrset_keys' or 'parse_copy_decompress' fail, then in the same place will be called rep...
https://github.com/NLnetLabs/unbound/pull/529
Author: Artem Shchelkunov @kolabach (Ideco)
Code analyzer: SVACE
Project: unbound
Bug description: tainted int
State: Closed
Fix: log_assert does nothing if UNBOUND_DEBUG is undefined by Shchelk · Pull Request #529 · NLnetLabs/unbound
Found by static analyzer svace
Static analyzer message: Integer value 'len' obtained from untrusted source at tube.c:374 by passing as 2nd parameter to function 'read...
https://github.com/NLnetLabs/unbound/pull/531
Author: Artem Shchelkunov @kolabach (Ideco)
Code analyzer: SVACE
Project: unbound
Bug description: passed to proc after free
State: Closed
Fix: passed to proc after free by Shchelk · Pull Request #531 · NLnetLabs/unbound
Found by static analyzer svace
Static analyzer message: Pointer 'dp' is passed to a function at iter_hints.c:401 after the referenced memory was deallocated at iter_hints.c:174 by p...
https://github.com/NLnetLabs/unbound/pull/530
Author: Artem Shchelkunov @kolabach (Ideco)
Code analyzer: SVACE
Project: unbound
Bug description: dereferencing a null pointer
State: Open
Fix: dereferencing a null pointer by Shchelk · Pull Request #530 · NLnetLabs/unbound
Found by static analyzer svace
Static analyzer message: Return value of a function 'reply_info_copy' is dereferenced at dns64.c:923 without checking, but it is usually checked for t...
https://github.com/NLnetLabs/unbound/pull/532
Author: Artem Shchelkunov @kolabach (Ideco)
Code analyzer: SVACE
Project: unbound
Bug description: buffer overflow
State: Open
Fix: buffer overflow bug by Shchelk · Pull Request #532 · NLnetLabs/unbound
Found by static analyzer svace
Static analyzer message: Array 'token' of size 65536 bytes passed to function 'rrinternal_parse_rdata' at str2wire.c:679 by passing as...
Dear subscribers! If anyone would like to become a co-author of the channel, message me (@socketpair) and I will grant posting rights to this channel.
https://github.com/tarantool/tarantool/pull/6614
Author: Alexey Vishnyakov @SweetVishnya
Code analyzer: Crusher (sydr-fuzz)
Project: tarantool
State: Closed
swim: fix out of bounds access in proto decode by SweetVishnya · Pull Request #6614 · tarantool/tarantool
I was playing with libFuzzer and found heap-buffer-overflow.
**pos is dereferenced before it is checked via *pos == end. This leads
to out of bounds access when *pos == end.
You can build Docker fr...
https://github.com/tfussell/xlnt/issues/592
https://github.com/tfussell/xlnt/issues/593
https://github.com/tfussell/xlnt/issues/594
https://github.com/tfussell/xlnt/issues/595
https://github.com/tfussell/xlnt/issues/596
https://github.com/tfussell/xlnt/issues/597
https://github.com/tfussell/xlnt/issues/598
Author: Daniil Kuts @dkutz
Code analyzer: Crusher (sydr-fuzz)
Project: xlnt
State: Open
Segmentation fault in xlsx_consumer::read_office_document() · Issue #592 · tfussell/xlnt
Hi, I was playing with libFuzzer and found a crash when opening an xlsx file with the xlnt::workbook::load function. Segmentation fault occurs when loading crash-3bb6db12fd7659ef690ddb7208a1cb990feda70b.txt...
https://github.com/NLnetLabs/unbound/issues/637
Author: Eli Kobrin @boban9292
Code analyzer: Crusher (sydr-fuzz)
Project: unbound
State: Closed
Integer Overflow in sldns_str2period function · Issue #637 · NLnetLabs/unbound
I've got an input that reaches an unsigned integer overflow error in sldns/parseutil.c:272 in the sldns_str2period function, which leads to an incorrect conversion from string to uint32_t. Also, other a...
https://github.com/troldal/OpenXLSX/issues/140
https://github.com/troldal/OpenXLSX/issues/139
Author: Andrey Fedotov @xcoldhandsx
Code analyzer: Crusher (sydr-fuzz)
Project: openxlsx
State: Open
Unhandled exception in OpenXLSX::XLDocument::open · Issue #140 · troldal/OpenXLSX
Hi, I was playing with libFuzzer and found a crash when opening an xlsx file with the OpenXLSX::XLDocument::open function. Exception occurs when opening crash-cd5bb1b9addfd97940dd1a3ed9a7bd590471c2a0.txt fi...
https://github.com/pytorch/pytorch/issues/74798
Author: Andrey Fedotov @xcoldhandsx
Code analyzer: Crusher (sydr-fuzz)
Project: miniz-2.0.8 (pytorch third_party)
State: Open
Heap buffer overflow in third_party: miniz-2.0.8 · Issue #74798 · pytorch/pytorch
Describe the bug: Hi, I was doing some fuzzing with libFuzzer and found a heap buffer overflow in the third-party project miniz-2.0.8. Here is the crash input: crash-66b9f45360e6bf5130fb8a6f624f3a3eac54...
https://github.com/pytorch/pytorch/issues/77561
https://github.com/pytorch/pytorch/issues/77563
https://github.com/pytorch/pytorch/issues/77573
https://github.com/pytorch/pytorch/issues/77575
https://github.com/pytorch/pytorch/pull/77557
Author: Daniil Kuts @dkutz
Code analyzer: Crusher (sydr-fuzz)
Project: pytorch
State: Open
Unhandled std::out_of_range exception in torch::jit::load() · Issue #77561 · pytorch/pytorch
Describe the bug: Hi, I found an uncaught exception during testing with libFuzzer. The out_of_range exception occurs at /pytorch/aten/src/ATen/core/ivalue_inl.h:501 during execution of torch::jit::lo...
https://github.com/ntop/nDPI/issues/1574
Author: Ivan Kapranov @jenkins_leroy
Code analyzer: LibFuzzer
Project: nDPI
State: Closed
https://github.com/ntop/nDPI/issues/1575
State: Open
Heap-buffer-overflow in MemcmpInterceptorCommon · Issue #1574 · ntop/nDPI
Hi! I found a heap-buffer-overflow (occurs at /src/lib/protocols/irc.c:522:10) during testing with libFuzzer. nDPI Environment: OS name: Ubuntu OS version: 20.04.4 LTS (Focal Fossa) Architecture: x86...