Fuzzing Weekly
10. February 2023 | CW6
A few days ago, Andrew Helwer published a short post about two bugs he wrote while developing the C++ external scanner for his TLA⁺ tree-sitter grammar. The reactions to those bugs were mixed! One user suggested building the tree-sitter grammar with the LLVM address and undefined behavior sanitizers enabled. Andrew had never played around with sanitizers before, but it seemed fun to check whether those sanitizers would have saved him days of debugging pain. Learn more.
From: Andrew Helwer
ISO8385 and NDC are financial protocols that manage certain financial transactions such as card payments, cache removal, gabs, and others. However, there is a lack of papers and tools for targeting these financial/payment protocols. In this article, Karim Reda Fakhir presents two fuzzers suited to running security tests on the ISO8385 and NDC protocols, hoping that they will help other security enthusiasts and developers to secure financial transactions. Learn more.
From: Karim Reda Fakhir
In Other News
- Google Expands Open-Source Bounties, And Will Soon Support JavaScript Fuzzing Too
Google is expanding its open source OSS-Fuzz bug bounty and is adding support for projects written in the most popular programming languages. Learn more.
From: Liam Tung
- CVE-2023-24808: DoS Vulnerability in PDFio Parser
PDFio is a C library for reading and writing PDF files. Anyone who uses this library (< v. 1.1.9), either as a standalone binary or as a library, can be DoSed when attempting to parse this type of file. Users are advised to upgrade. Learn more.
From: NIST
This Week's Discussion
- Converting int32 to uint64 and back to int32
From: ikeawizardish
New Tutorial
- How You Can Find the Log4j Vulnerability in Less Than 10 Minutes
From: Josh Grant
Fuzzing Jobs
- Developer Community Manager
Code Intelligence, Bonn, Germany
- Software Engineer Test Engineering Services
Vector, Pune, India
Code Intelligence, Rheinwerkallee 6,
Bonn, NRW 53227, +49 228 28695830