-
Notifications
You must be signed in to change notification settings - Fork 39
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
12 changed files
with
289 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-555 | ||
| package: | ||
| name: jackson-core | ||
| ecosystem: OSS-Fuzz | ||
| summary: Uncaught exception in java.base/java.util.concurrent.ConcurrentHashMap.putVal | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32395 | ||
| Crash type: Uncaught exception | ||
| Crash state: | ||
| java.base/java.util.concurrent.ConcurrentHashMap.putVal | ||
| java.base/java.util.concurrent.ConcurrentHashMap.put | ||
| com.fasterxml.jackson.core.util.InternCache.intern | ||
| severity: LOW | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/FasterXML/jackson-core | ||
| introduced: b051c9036ee505a7e85c81a704e2e43c5397200f:8a2036e948ee849b922121c061c002cb0e131bfa | ||
| fixed: 0deae137735e1c81159e83bd1b4613e6d6b36501 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32395 | ||
| modified: '2021-03-25T00:00:09.158456Z' | ||
| created: '2021-03-25T00:00:09.158172Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-556 | ||
| package: | ||
| name: jackson-core | ||
| ecosystem: OSS-Fuzz | ||
| summary: Uncaught exception in java.base/java.util.Arrays.copyOf | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32423 | ||
| Crash type: Uncaught exception | ||
| Crash state: | ||
| java.base/java.util.Arrays.copyOf | ||
| com.fasterxml.jackson.core.util.TextBuffer.expandCurrentSegment | ||
| com.fasterxml.jackson.core.json.UTF8StreamJsonParser.addName | ||
| severity: LOW | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/FasterXML/jackson-core | ||
| introduced: b051c9036ee505a7e85c81a704e2e43c5397200f:8a2036e948ee849b922121c061c002cb0e131bfa | ||
| fixed: 8a2036e948ee849b922121c061c002cb0e131bfa:0deae137735e1c81159e83bd1b4613e6d6b36501 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32423 | ||
| modified: '2021-03-25T00:01:02.374211Z' | ||
| created: '2021-03-25T00:01:02.373925Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-558 | ||
| package: | ||
| name: jackson-core | ||
| ecosystem: OSS-Fuzz | ||
| summary: Uncaught exception in java.base/java.nio.Buffer.<init> | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32399 | ||
| Crash type: Uncaught exception | ||
| Crash state: | ||
| java.base/java.nio.Buffer.<init> | ||
| java.base/java.nio.CharBuffer.<init> | ||
| java.base/java.nio.HeapCharBuffer.<init> | ||
| severity: LOW | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/FasterXML/jackson-core | ||
| introduced: b051c9036ee505a7e85c81a704e2e43c5397200f:8a2036e948ee849b922121c061c002cb0e131bfa | ||
| fixed: 0deae137735e1c81159e83bd1b4613e6d6b36501:66b44ad1c0e1715454725b6d6ddade3102311584 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32399 | ||
| modified: '2021-03-25T00:01:05.933714Z' | ||
| created: '2021-03-25T00:01:05.933424Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-559 | ||
| package: | ||
| name: jackson-core | ||
| ecosystem: OSS-Fuzz | ||
| summary: Uncaught exception in java.base/java.nio.CharBuffer.wrap | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32405 | ||
| Crash type: Uncaught exception | ||
| Crash state: | ||
| java.base/java.nio.CharBuffer.wrap | ||
| java.base/sun.nio.cs.StreamDecoder.implRead | ||
| java.base/sun.nio.cs.StreamDecoder.read | ||
| severity: LOW | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/FasterXML/jackson-core | ||
| introduced: b051c9036ee505a7e85c81a704e2e43c5397200f:8a2036e948ee849b922121c061c002cb0e131bfa | ||
| fixed: 8a2036e948ee849b922121c061c002cb0e131bfa:0deae137735e1c81159e83bd1b4613e6d6b36501 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32405 | ||
| modified: '2021-03-25T00:01:07.914466Z' | ||
| created: '2021-03-25T00:01:07.913753Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-564 | ||
| package: | ||
| name: jackson-core | ||
| ecosystem: OSS-Fuzz | ||
| summary: Uncaught exception in com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeArray | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32514 | ||
| Crash type: Uncaught exception | ||
| Crash state: | ||
| com.fasterxml.jackson.databind.deser.std.BaseNodeDeserializer.deserializeArray | ||
| java.base/java.lang.Module.isStaticallyExportedOrOpen | ||
| java.base/java.lang.Module.implIsExportedOrOpen | ||
| severity: LOW | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/FasterXML/jackson-core | ||
| introduced: 8a2036e948ee849b922121c061c002cb0e131bfa:0deae137735e1c81159e83bd1b4613e6d6b36501 | ||
| fixed: 0deae137735e1c81159e83bd1b4613e6d6b36501:66b44ad1c0e1715454725b6d6ddade3102311584 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32514 | ||
| modified: '2021-03-27T00:00:03.319979Z' | ||
| created: '2021-03-27T00:00:03.319694Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-552 | ||
| package: | ||
| name: jackson-dataformats-binary | ||
| ecosystem: OSS-Fuzz | ||
| summary: Uncaught exception in java.base/java.lang.ClassLoader.defineClass0 | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32407 | ||
| Crash type: Uncaught exception | ||
| Crash state: | ||
| java.base/java.lang.ClassLoader.defineClass0 | ||
| java.base/java.lang.System$2.defineClass | ||
| java.base/java.lang.invoke.MethodHandles$Lookup$ClassDefiner.defineClass | ||
| severity: LOW | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/FasterXML/jackson-dataformats-binary | ||
| introduced: 5b10d2317b7dbb41b6642523f5720052848027f7 | ||
| fixed: 437353d8f6c3cd8ea50bb66ddfe9787a7960c874:5fefc76b5a446d9afc62975e64ad46b707804639 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32407 | ||
| modified: '2021-03-25T00:00:02.194449Z' | ||
| created: '2021-03-25T00:00:02.194060Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| id: OSV-2020-2285 | ||
| package: | ||
| name: pcapplusplus | ||
| ecosystem: OSS-Fuzz | ||
| summary: Bad-cast to pcpp::Layer from invalid vptr | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28945 | ||
| Crash type: Bad-cast | ||
| Crash state: | ||
| Bad-cast to pcpp::Layer from invalid vptr | ||
| pcpp::IDnsResource::getRawData | ||
| pcpp::DnsResource::getDataLength | ||
| severity: HIGH | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/seladb/PcapPlusPlus | ||
| introduced: 633fdfb78b85d795f4b437cdb5fbdc041ae2b622:54fcc6190efeeb54dc6d66c809ec7b7e7308eab8 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28945 | ||
| modified: '2021-03-09T05:46:43.813735Z' | ||
| created: '2020-12-25T00:01:03.941509Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| id: OSV-2021-563 | ||
| package: | ||
| name: serenity | ||
| ecosystem: OSS-Fuzz | ||
| summary: Heap-use-after-free in AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator-> | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32459 | ||
| Crash type: Heap-use-after-free READ 8 | ||
| Crash state: | ||
| AK::NonnullOwnPtr<JS::IndexedPropertyStorage>::operator-> | ||
| JS::IndexedProperties::array_like_size | ||
| JS::IndexedProperties::append | ||
| severity: HIGH | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/SerenityOS/serenity | ||
| introduced: 51b880b0383089822f513330cd64f93b54b9f21c | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32459 | ||
| modified: '2021-03-26T00:01:07.954353Z' | ||
| created: '2021-03-26T00:01:07.954062Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-562 | ||
| package: | ||
| name: w3m | ||
| ecosystem: OSS-Fuzz | ||
| summary: Segv on unknown address in GC_generic_malloc_many | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32453 | ||
| Crash type: Segv on unknown address | ||
| Crash state: | ||
| GC_generic_malloc_many | ||
| GC_malloc_atomic | ||
| Strnew_size | ||
| severity: MEDIUM | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/tats/w3m | ||
| introduced: d9d9d7b278c9efbcf138bc45dccf06a216a1b69a | ||
| fixed: 5a1059b6f3ab031afa48c5ddcd81392444de53a9 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32453 | ||
| modified: '2021-03-26T00:00:11.572278Z' | ||
| created: '2021-03-26T00:00:11.571998Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-430 | ||
| package: | ||
| name: wireshark | ||
| ecosystem: OSS-Fuzz | ||
| summary: Stack-buffer-overflow in tvb_memcpy | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31198 | ||
| Crash type: Stack-buffer-overflow WRITE {*} | ||
| Crash state: | ||
| tvb_memcpy | ||
| composite_memcpy | ||
| _tvb_get_nstringz | ||
| severity: HIGH | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://gitlab.com/wireshark/wireshark.git | ||
| introduced: 23a5f6a17767c39a7ed04df438ae3b4bf1fe90d8 | ||
| fixed: 2ba52cdc0e4216dafdfc32498fc0210c99449ec9 | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31198 | ||
| modified: '2021-03-09T01:09:34.153326Z' | ||
| created: '2021-02-22T00:00:22.320320Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: OSV-2021-461 | ||
| package: | ||
| name: wolfssl | ||
| ecosystem: OSS-Fuzz | ||
| summary: Heap-buffer-overflow in ProcessReply | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31527 | ||
| Crash type: Heap-buffer-overflow READ 1 | ||
| Crash state: | ||
| ProcessReply | ||
| wolfSSL_connect | ||
| client.c | ||
| severity: MEDIUM | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/wolfssl/wolfssl | ||
| introduced: deaf3b4b40d26663191d085557fbeb8cafa420ae:881657782478cef4a1527847bb2c4cd427bd6c99 | ||
| fixed: 8bee2af550750d93dbfc7f790be33a6d6f077d49 | ||
| versions: | ||
| - v4.6.0-stable | ||
| - v4.7.0-stable | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31527 | ||
| modified: '2021-03-09T05:01:39.904987Z' | ||
| created: '2021-03-01T00:00:11.827075Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| id: OSV-2021-561 | ||
| package: | ||
| name: wuffs | ||
| ecosystem: OSS-Fuzz | ||
| summary: UNKNOWN WRITE in wuffs_base__pixel_swizzler__bgr__bgra_premul__src | ||
| details: | | ||
| OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32451 | ||
| Crash type: UNKNOWN WRITE | ||
| Crash state: | ||
| wuffs_base__pixel_swizzler__bgr__bgra_premul__src | ||
| wuffs_base__pixel_swizzler__swizzle_interleaved_from_slice | ||
| fuzz | ||
| severity: HIGH | ||
| affects: | ||
| ranges: | ||
| - type: GIT | ||
| repo: https://github.com/google/wuffs.git | ||
| introduced: 41bfcabd3a7e9735299ff011654f45f2100bc244 | ||
| fixed: b645180357d2ba2a5dcd610fff4ffe2872540dad | ||
| references: | ||
| - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32451 | ||
| modified: '2021-03-26T00:00:06.909059Z' | ||
| created: '2021-03-26T00:00:06.908702Z' |