
Domato CVE refs

Open zodiac-zodiac opened this issue 3 years ago • 3 comments

I noticed that the CVEs referred to are a bit old, despite the fact that I was able to discover the recent CVE-2022-3040 with Domato.

I didn't know that this Domato finding was CVE-2022-3040, but when I tried to submit the bug I found a similar crash reported and submitted for the same code a few months ago, and then it was labeled as CVE-2022-3040 (I wish I was a bit faster :) )

I think we can add this new CVE ref in the readme?

I can share the Domato output that triggered this crash identified in CVE-2022-3040; this was generated using the default template!

zodiac-zodiac avatar Oct 31 '22 02:10 zodiac-zodiac

Attached is the Domato output that triggered this crash in CVE-2022-3040

fuzz_3467842.txt output that triggered this

zodiac-zodiac avatar Oct 31 '22 02:10 zodiac-zodiac

Thanks for letting me know this was findable by Domato. The Domato CVE list in the README is unmaintained and contains just the bugs I found before Domato or some of its features were released.

ifratric avatar Oct 31 '22 09:10 ifratric

Perfect, thank you Ivan. I submitted a PR with a small text update to refer to this CVE in the README and also attached the original output file in the PR comment if needed (for reproducibility).

zodiac-zodiac avatar Oct 31 '22 12:10 zodiac-zodiac