Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add image of OpenSSL bug (#10850)

This commit is contained in:
jonathanmetzman 2023-08-16 17:14:58 -04:00 committed by GitHub
parent b27de28c78
commit 2e1b3b5773
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/images/punycode.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 307 KiB

2
docs/research/target_generation.md
View File

@ -205,6 +205,8 @@ The best result weve had is with the TinyXML2 project, where we managed to in
Additionally, we targeted OpenSSL from the perspective of discovering past vulnerabilities that were not found due to lack of fuzzing coverage. We were able to replicate [a similar fuzz target](https://storage.googleapis.com/oss-fuzz-llm-targets-public/openssl-ossl_punycode_decode/targets/15.c) that rediscovered [CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602).
![alt_text]({{ site.baseurl }}/images/punycode.png "Stacktrace from LLM-generated target finding CVE-2022-3602")
# Future work