Halcy0nic

Results 16 issues of Halcy0nic

Hi there! I was running my fuzzer in the background when I discovered a double free in the SimpleNetwork TCPServer. ## Impact Triggering the double free will allow a client to...

Hello @nereusx, I hope all is well on your end! After pulling the most recent version of md2roff (Version 1.9 at the time of writing), I ran my fuzz tests...

Hi! Similar to [issue 7](https://github.com/chendotjs/lotos/issues/7), I discovered a second remote use-after-free vulnerability. The use-after-free occurs in `static inline char *buffer_end(const buffer_t *pb)`, line 32: https://github.com/chendotjs/lotos/blob/3eb36cc3723a1dc9bb737505f0c8a3538ee16347/src/buffer.h#L31-L33 Any project that utilizes lotos...

Hi! After executing my fuzz tests I discovered a remote use-after-free vulnerability in `static inline size_t buffer_avail(const buffer_t *pb)` at buffer.h, line 25: https://github.com/chendotjs/lotos/blob/3eb36cc3723a1dc9bb737505f0c8a3538ee16347/src/buffer.h#L25 Any project that utilizes lotos (including...

Hi! I was running my fuzzer in the background again when I discovered a global buffer overflow bug in the SimpleNetwork TCPServer. ## Compiling the project ``` $ cd src...

Hi! When executing my fuzz tests, I discovered that SSRC Version 1.33 suffers from a divide by zero bug [(CWE-369)](https://cwe.mitre.org/data/definitions/369.html) when supplied with malformed input in the form of a...

Hi! While I was running my fuzz tests in the background I discovered multiple memory corruption security flaws in libforth Version 4.0 at various locations. I have attached a zip...

Hi! While executing my fuzz tests, I discovered an off-by-one buffer overflow in `void respond(int slot)`, line 173: https://github.com/foxweb/pico/blob/f3b69a65d7f8cd1ab0ecb027ae6d02881e8d83f7/httpd.c#L173 Any project that utilizes pico is potentially vulnerable. I have outlined...

Hi! While executing my fuzz tests, I discovered a null pointer dereference in `void respond(int slot)` at httpd.c, lines 201-215: https://github.com/foxweb/pico/blob/f3b69a65d7f8cd1ab0ecb027ae6d02881e8d83f7/httpd.c#L199-L210 Any project that utilizes pico is potentially vulnerable. I...

Hi @sasagawa888! I compiled the most recent version of nprolog (Ver 1.94) and added it to my fuzz tests. It looks like there are a couple memory corruption issues at...