Add image of OpenSSL bug (#10850)

This commit is contained in:
jonathanmetzman 2023-08-16 17:14:58 -04:00 committed by GitHub
parent b27de28c78
commit 2e1b3b5773
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions

BIN
docs/images/punycode.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 307 KiB

View File

@ -205,6 +205,8 @@ The best result weve had is with the TinyXML2 project, where we managed to in
Additionally, we targeted OpenSSL from the perspective of discovering past vulnerabilities that were not found due to lack of fuzzing coverage. We were able to replicate [a similar fuzz target](https://storage.googleapis.com/oss-fuzz-llm-targets-public/openssl-ossl_punycode_decode/targets/15.c) that rediscovered [CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602). Additionally, we targeted OpenSSL from the perspective of discovering past vulnerabilities that were not found due to lack of fuzzing coverage. We were able to replicate [a similar fuzz target](https://storage.googleapis.com/oss-fuzz-llm-targets-public/openssl-ossl_punycode_decode/targets/15.c) that rediscovered [CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602).
![alt_text]({{ site.baseurl }}/images/punycode.png "Stacktrace from LLM-generated target finding CVE-2022-3602")
# Future work # Future work