oss-fuzz

Pierluigi Paganini December 08, 2017
OpenSSL patches for the fourth time in 2017 its library, and it will likely be the last one 

The OpenSSL Project released the OpenSSL 1.0.2n version that addresses two vulnerabilities discovered by the Google researcher David Benjamin. Benjamin discovered the vulnerabilities using the OSS-Fuzz fuzzing service. The first “moderate severity” issue, tracked as CVE-2017-3737, is related to an “error state” mechanism implemented since OpenSSL 1.0.2b. “OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an “error state” […]

Pierluigi Paganini November 02, 2017
OpenSSL patches vulnerabilities discovered with Google OSS-Fuzz fuzzing service

OpenSSL patches two low and medium severity vulnerabilities that were discovered by using Google’s open source OSS-Fuzz fuzzing service. The medium severity vulnerability tracked as CVE-2017-3736 was addressed with the release of OpenSSL 1.1.0g and 1.0.2m. The flaw is a carry propagating bug in the x86_64 Montgomery squaring procedure, it affects processors that support BMI1, BMI2 and […]