OpenSSL version 3.0.4, released on June 21st 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker. BoringSSL, LibreSSL and the OpenSSL 1.1.1 branch are n…| Guido Vranken
Larry Stefonic of wolfSSL contacted me after he’d noticed my project for fuzzing cryptographic libraries called Cryptofuzz. We agreed that I would write a Cryptofuzz module for wolfSSL. I activated…| Guido Vranken
I wrote a fuzzer for libsrtp for purely recreational reasons. I reported the bugs I found to the libsrtp security mailing list several months ago. Finally those bugs seem to have been fixed in the …| Guido Vranken
In May I started building fuzzers for OpenVPN because I liked engaging in the challenge of finding more vulnerabilities after two fresh audits. I never intended or expected to receive money for thi…| Guido Vranken
I got some requests to fuzz Bitcoin, so I did. They can be found here: I expect them to be merged into the main project soon. So far only one issue has been found: . This code is currently unused a…| Guido Vranken
Cryptofuzz is a project that fuzzes cryptographic libraries and compares their output in order to find implementation discrepancies. It’s quite effective and has already found a lo…| Guido Vranken
The attached document describes a new fuzz testing engine I have been busy with. As a power user of fuzzing libraries I’ve noticed some shortcomings (in my view) of the existing offers, and d…| Guido Vranken
A security audit of the widely used SoftEther VPN open source VPN client and server software [1] has uncovered 11 remote security vulnerabilities. The audit has been commissioned by the Max Planck …| Guido Vranken
This concerns a remote buffer overflow vulnerability in OpenVPN. It has been fixed in OpenVPN 2.4.4 and 2.3.18. It is suspected that only a small number of users is vulnerable to this issue, becaus…| Guido Vranken
“FreeRADIUS is the most widely deployed RADIUS server in the world. It is the basis for multiple commercial offerings. It supplies the AAA needs of many Fortune-500 companies and Tier 1 ISPs.…| Guido Vranken