Date: Sun, 19 Apr 2020 22:09:28 +0300
From: Henri Salo <henri@...v.fi>
To: Agostino Sarubbo <ago@...too.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: re2c: heap overflow in Scanner::fill (scanner.cc)

On Sun, Apr 19, 2020 at 04:59:48PM +0200, Agostino Sarubbo wrote:
> Affected version:
> 1.3
>
> Fixed version:
> Will be 2.0
>
> Commit fix:
> https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a
>
> Credit:
> This bug was discovered by Agostino Sarubbo.
>
> CVE:
> I don’t care anymore about a CVE. If you will obtain one about this issue,
> feel free to reach me. I will update this as well.
>
> Note:
> This bug was found with American Fuzzy Lop.
> This bug was identified with bare metal servers donated by Packet. This work
> is also supported by the Core Infrastructure Initiative.
>
> Permalink:
> http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/

Good job again ago! I created a CVE request for you. I don't think that you
should stop fuzzing as mentioned in the blog. Instead you should pick responsive
and important targets (e.g. re2c) and add a donation button to your web page,
thanks :)

-- 
Henri Salo