Recently I shared some information about potential memory safety bugs in the Apache web server together with Craig Young. One issue that came up in that context is the so-called pool allocator Apache is using.| The Fuzzing Project
During some tests of TLS libraries I found a stack buffer overflow vulnerability in the WolfSSL library.
I recently got an e-mail from Tobias Stöckmann, who reminded me of some bugs I had almost forgotten. When I started the Fuzzing Project, I reported two bugs in import parsers of the GIMP. Tobias managed to write an exploit for one of them.
Shortly after I published details about the Optionsbleed bug, I learned about something quite surprising: others had already discovered this bug before, but had neither pinned it down to Apache nor recognized that it was a security vulnerability.
If you're using the HTTP protocol in everyday Internet use, you are usually only using two of its methods: GET and POST. However, HTTP has a number of other methods, so I wondered what you can do with them and if there are any vulnerabilities.
I recently did some testing of the qpdf library with afl and libfuzzer. I discovered an input sample that would generate a high CPU load spike and eventually, after several minutes, cause an out of memory error. It looked like the parser was caught in some kind of endless loop.
This post first appeared on oss-security.
To improve security, modern systems contain many mitigation strategies that try to make it harder to exploit security vulnerabilities. Commonly used strategies include stack canaries, address space layout randomization (ASLR) and non-executable memory pages. Unfortunately, Linux distributions have been slow in adopting ASLR, but this is finally changing.
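The three mitigations named above can be read straight from an ELF binary's headers: an executable of type ET_DYN is position-independent (PIE), which is what lets the kernel randomize the program's own load address under ASLR; a PT_GNU_STACK program header without the PF_X flag marks the stack non-executable; and a reference to `__stack_chk_fail` shows the compiler emitted stack canaries. The checker below is an added example, not code from the Fuzzing Project or any distribution's tooling. `build_minimal_elf` is an assumed helper that constructs synthetic ELF bytes (a header plus one program header, no real code) purely so the checker can be demonstrated offline.

```python
"""Check an ELF file for PIE, a non-executable stack and stack canaries.

Added example (not Fuzzing Project code). Parses the ELF header and program
headers directly so it needs neither readelf nor pyelftools.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header describing stack permissions
PF_X = 0x1                  # executable flag in p_flags
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable vs. position-independent
ELFCLASS32, ELFCLASS64 = 1, 2


def check_mitigations(data: bytes) -> dict:
    """Return {'pie', 'nx_stack', 'canary'} booleans for the given ELF bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    elf_class = data[4]
    if elf_class == ELFCLASS64:
        # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
        # e_ehsize, e_phentsize, e_phnum (64-bit layout, little-endian)
        f = struct.unpack_from("<HHIQQQIHHH", data, 16)
        phdr_fmt, flags_idx = "<IIQQQQQQ", 1   # p_flags is the 2nd field in Elf64_Phdr
    elif elf_class == ELFCLASS32:
        f = struct.unpack_from("<HHIIIIIHHH", data, 16)
        phdr_fmt, flags_idx = "<IIIIIIII", 6   # p_flags is the 7th field in Elf32_Phdr
    else:
        raise ValueError("unknown ELF class %d" % elf_class)
    e_type, e_phoff, e_phentsize, e_phnum = f[0], f[4], f[8], f[9]

    # No PT_GNU_STACK at all means the loader falls back to an executable
    # stack (the historical Linux default), so start from False.
    nx_stack = False
    for i in range(e_phnum):
        ph = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        if ph[0] == PT_GNU_STACK:
            nx_stack = not (ph[flags_idx] & PF_X)

    return {
        # ET_DYN is also used by shared objects; only meaningful for executables.
        "pie": e_type == ET_DYN,
        "nx_stack": nx_stack,
        # Heuristic: a canary-protected binary references __stack_chk_fail
        # (dynamic symbol or linked-in libc symbol).
        "canary": b"__stack_chk_fail" in data,
    }


def build_minimal_elf(pie: bool, nx_stack: bool, canary: bool) -> bytes:
    """Constructed 64-bit ELF: header + one PT_GNU_STACK phdr, no code (demo only)."""
    ehsize, phentsize, phnum = 64, 56, 1
    ident = b"\x7fELF" + bytes([ELFCLASS64, 1, 1, 0]) + b"\x00" * 8
    header = struct.pack(
        "<16sHHIQQQIHHHHHH",
        ident, ET_DYN if pie else ET_EXEC, 0x3E, 1,  # e_machine 0x3E = x86-64
        0, ehsize, 0, 0,                             # e_entry, e_phoff, e_shoff, e_flags
        ehsize, phentsize, phnum, 0, 0, 0)           # sizes/counts, no section headers
    p_flags = 0x6 if nx_stack else 0x7               # PF_R|PF_W, plus PF_X when executable
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, p_flags, 0, 0, 0, 0, 0, 16)
    tail = b"__stack_chk_fail\x00" if canary else b""
    return header + phdr + tail


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, check_mitigations(fh.read()))
    else:
        # Offline demonstration on constructed ELF images.
        print("hardened:", check_mitigations(build_minimal_elf(True, True, True)))
        print("legacy:  ", check_mitigations(build_minimal_elf(False, False, False)))
```

Run it as `python check_elf.py /usr/bin/*` to survey a system. Two caveats: the PIE result is only meaningful for executables (shared libraries are ET_DYN by construction), and a missing PT_GNU_STACK header is reported as an executable stack, which is the conservative reading of the historical loader default.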
The way the Apache httpd web server handles password hashes can be abused by a malicious user on a server to cause resource exhaustion and denial of service of the web server. I reported this a while ago to the Apache security team, which led to a lengthy discussion in which I was a bit appalled by some of the statements I got from the Apache developers. They can be summed up in a way that major use cases of Apache - especially in web hosting environments - are not recommended by their devel...
When using fuzzing tools like afl, a common challenge is how you can pass input to the interesting parts of the application you want to fuzz. In easy situations, we have a tool that will accept our input as a file or via stdin. However, sometimes this is not easily possible.
I recently reported how I found various bugs in the bignum implementation of MatrixSSL, some of them leading to remotely exploitable vulnerabilities.
By testing GNOME-related packages with Address Sanitizer I recently discovered several trivial to find bugs.
Last year in November I decided that it might be a good idea to fuzz the parsers of package management tools in Linux distributions. I quickly found a couple of issues in DPKG and RPM. For DPKG the process went very smoothly. I reported them to Debian's security team; eight days later, fixes and security advisories were published by both Debian and Ubuntu, the main distributions using DPKG. For RPM the process was a bit more difficult.
If you've been following my fuzzing work you will be aware that I've fuzzed various bignum libraries and found several bugs by comparing implementations against each other.
Use after free in my_login() function of DBD::mysql (Perl module)