Message-ID: <CAFdMc-1FwzW+qar=rkCctgo-jdv4StD3izqBFWt8-CJFDxG1Yg@mail.gmail.com>
Date: Fri, 14 Feb 2025 07:58:01 -0300
From: Daniel Gutson <danielgutson@...il.com>
To: Nick Wellnhofer <wellnhofer@...um.de>
Cc: musl@...ts.openwall.com, oss-security@...ts.openwall.com
Subject: Re: CVE-2025-26519: musl libc: input-controlled out-of-bounds
write primitive in iconv()
On Fri, Feb 14, 2025, 07:14, Nick Wellnhofer <wellnhofer@...um.de> wrote:
> On Feb 13, 2025, at 23:28, Daniel Gutson <danielgutson@...il.com> wrote:
> >
> > Curious: is there any info about how this was discovered?
>
> The bug was discovered with basic fuzz testing. As libxml2 maintainer, I
> found more and more issues in various iconv implementations by accident
> which is a strong indicator that all this code isn't tested enough. The
> iconv API is also trivial to fuzz, so it seemed like a nice weekend project.
>
Thanks, AFL?
My work is related to static checkers and linters (we will contribute an
important patch to weggli soon), so I was wondering if you used something
that used symbolic execution.
Nice job!
> Nick
>
>