Dear Friedrich,
We are using smart fuzzing to test open source applications, including
pspp. Our tool collAFL is an enhanced version of AFL.
The core of AFL is a genetic algorithm to automatically discover
interesting test cases that trigger new internal states in the targeted
application, which leads to high code coverage. Our tool collAFL's
improvement over AFL is that it reduces some collisions in AFL's
algorithm, and increases the code coverage of AFL.
The evaluation result is good so far. We found dozens of vulnerabilities
in open source applications using collAFL. We are writing a paper about
it. More details will be discussed in the paper. Once the paper is
ready, we can share a copy with you, if you are interested.
Thanks,
Chao
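The coverage feedback and the collision problem mentioned above, as an added illustration that is not code from the thread, from AFL or from collAFL: AFL's instrumentation maps each executed control-flow edge to a bitmap slot with `cur_location ^ (prev_location >> 1)`, so two different edges can land in the same slot and one of them becomes invisible to the fuzzer. The block IDs, the control-flow graph, the 16-slot bitmap and the parameterised "shifted" hash searched at the end are all constructed for the example; the search only demonstrates the idea of picking hash parameters that keep edges apart, not collAFL's actual scheme.

```python
# Constructed illustration of AFL-style edge coverage and slot collisions.
# Not AFL's or collAFL's code; block IDs, CFG and bitmap size are made up.

MAP_SIZE = 16  # constructed: tiny bitmap so collisions are visible (AFL uses 64 KiB)


def afl_edge_slot(prev_loc, cur_loc, map_size=MAP_SIZE):
    """AFL's instrumentation: slot = cur_location ^ (prev_location >> 1)."""
    return (cur_loc ^ (prev_loc >> 1)) % map_size


def shifted_edge_slot(x, y, map_size=MAP_SIZE):
    """Hypothetical parameterised variant: slot = (cur >> x) ^ (prev >> y)."""
    return lambda prev_loc, cur_loc: ((cur_loc >> x) ^ (prev_loc >> y)) % map_size


def find_collisions(edges, slot_fn):
    """Return {slot: [edges]} for every bitmap slot shared by two or more CFG edges."""
    by_slot = {}
    for prev_loc, cur_loc in edges:
        by_slot.setdefault(slot_fn(prev_loc, cur_loc), []).append((prev_loc, cur_loc))
    return {slot: es for slot, es in by_slot.items() if len(es) > 1}


def search_collision_free(edges, map_size=MAP_SIZE, max_shift=4):
    """Greedy search for shifts (x, y) that give every edge its own slot; None if none."""
    for x in range(max_shift):
        for y in range(1, max_shift):  # keep a shift on prev so A->B and B->A differ
            if not find_collisions(edges, shifted_edge_slot(x, y, map_size)):
                return x, y
    return None


# Constructed CFG: block IDs as a compiler pass might randomly assign them.
BLOCKS = {"entry": 2, "check": 3, "ok": 5, "fail": 9, "exit": 6}
EDGES = [(BLOCKS[a], BLOCKS[b]) for a, b in [
    ("entry", "check"), ("check", "ok"), ("check", "fail"),
    ("ok", "exit"), ("fail", "exit"),
]]

if __name__ == "__main__":
    print("AFL slots:", {e: afl_edge_slot(*e) for e in EDGES})
    print("colliding slots:", find_collisions(EDGES, afl_edge_slot))
    print("collision-free (x, y):", search_collision_free(EDGES))
```

With AFL's hash, `ok->exit` shares slot 4 with `check->ok` and `fail->exit` shares slot 2 with `entry->check`, so a test case that first reaches `exit` adds no new bit to the bitmap; the search finds shifts (0, 2) under which all five edges get distinct slots.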
On 7/3/17 1:22 PM, Friedrich Beckmann wrote:
Dear owl337 team,
Thanks for looking at pspp and finding the security problems
https://security-tracker.debian.org/tracker/CVE-2017-10791
and
https://security-tracker.debian.org/tracker/CVE-2017-10792
in pspp! Your reports are quite detailed. Could you describe how you found the
problems, i.e. do you have some information about collAFL?
Regards
Friedrich