Willy,
Am 21.04.20 um 16:58 schrieb Willy Tarreau:
>> I would also be interested in how Felix Wilhelm performed the fuzzing,
>> do you happen to have details about that?
>
> No, I only got the information that was just made public. But do not
> hesitate to contact Felix about this, I'm sure he wi
ср, 22 апр. 2020 г. в 00:06, Tim Düsterhus :
> Ilya,
>
> Am 21.04.20 um 20:49 schrieb Илья Шипицин:
> > I thought of some more high level fuzzing without intercepting code path.
> > for example, we know about range queries
> >
> > Range: bytes=0-1023
> >
> >
> > i.e. bytes=(integer)-(integer)
> >
Ilya,
Am 21.04.20 um 20:49 schrieb Илья Шипицин:
> I thought of some more high level fuzzing without intercepting code path.
> for example, we know about range queries
>
> Range: bytes=0-1023
>
>
> i.e. bytes=(integer)-(integer)
>
>
> what if we send
>
> Range: bytes=1023-0
>
> or
> Range:
вт, 21 апр. 2020 г. в 20:24, Tim Düsterhus :
> Ilya,
>
> Am 21.04.20 um 17:02 schrieb Илья Шипицин:
> >> The two CVEs I mentioned were bugs *I* found using afl-fuzz. The biggest
> >> hurdle back when I attempted fuzzing was not getting an appropriate
> >> workload (I've just created a few basic re
Ilya,
Am 21.04.20 um 17:02 schrieb Илья Шипицин:
>> The two CVEs I mentioned were bugs *I* found using afl-fuzz. The biggest
>> hurdle back when I attempted fuzzing was not getting an appropriate
>> workload (I've just created a few basic requests using nghttp), but
>> instead getting the requests
вт, 21 апр. 2020 г. в 19:13, Tim Düsterhus :
> Ilya,
>
> Am 21.04.20 um 15:47 schrieb Илья Шипицин:
> >> The write-up is available now:
> >> https://bugs.chromium.org/p/project-zero/issues/detail?id=2023
> >>
> >> It has a "Methodology-Fuzzing" label, so after CVE-2018-14645 and
> >> CVE-2018-2061
Hi Tim,
On Tue, Apr 21, 2020 at 03:18:43PM +0200, Tim Düsterhus wrote:
> Willy,
>
> Am 02.04.20 um 15:03 schrieb Willy Tarreau:
> > The main driver for this release is that it contains a fix for a serious
> > vulnerability that was responsibly reported last week by Felix Wilhelm
> > from Google P
Ilya,
Am 21.04.20 um 15:47 schrieb Илья Шипицин:
>> The write-up is available now:
>> https://bugs.chromium.org/p/project-zero/issues/detail?id=2023
>>
>> It has a "Methodology-Fuzzing" label, so after CVE-2018-14645 and
>> CVE-2018-20615 this is the 3rd CVE within H2 found using fuzzing that
>> I
another option would be to enlist project at HackerOne and wait while Guido
Vranken will fuzz it :)
he already fuzzed dozens of projects, including openssl, openvpn, ...
https://guidovranken.com/
вт, 21 апр. 2020 г. в 18:21, Tim Düsterhus :
> Willy,
>
> Am 02.04.20 um 15:03 schrieb Willy Tarrea
вт, 21 апр. 2020 г. в 18:21, Tim Düsterhus :
> Willy,
>
> Am 02.04.20 um 15:03 schrieb Willy Tarreau:
> > The main driver for this release is that it contains a fix for a serious
> > vulnerability that was responsibly reported last week by Felix Wilhelm
> > from Google Project Zero, affecting the
Willy,
Am 02.04.20 um 15:03 schrieb Willy Tarreau:
> The main driver for this release is that it contains a fix for a serious
> vulnerability that was responsibly reported last week by Felix Wilhelm
> from Google Project Zero, affecting the HPACK decoder used for HTTP/2.
> CVE-2020-11100 was assig
On 02 Apr 15:27, Julien Pivotto wrote:
> On 02 Apr 15:03, Willy Tarreau wrote:
> > Hi,
> >
> > HAProxy 2.1.4 was released on 2020/04/02. It added 99 new commits
> > after version 2.1.3.
> >
> > The main driver for this release is that it contains a fix for a serious
> > vulnerability that was res
On Thu, Apr 02, 2020 at 03:27:07PM +0200, Julien Pivotto wrote:
> On 02 Apr 15:03, Willy Tarreau wrote:
> > Hi,
> >
> > HAProxy 2.1.4 was released on 2020/04/02. It added 99 new commits
> > after version 2.1.3.
> >
> > The main driver for this release is that it contains a fix for a serious
> > v
On 02 Apr 15:03, Willy Tarreau wrote:
> Hi,
>
> HAProxy 2.1.4 was released on 2020/04/02. It added 99 new commits
> after version 2.1.3.
>
> The main driver for this release is that it contains a fix for a serious
> vulnerability that was responsibly reported last week by Felix Wilhelm
> from Goo
Hi,
HAProxy 2.1.4 was released on 2020/04/02. It added 99 new commits
after version 2.1.3.
The main driver for this release is that it contains a fix for a serious
vulnerability that was responsibly reported last week by Felix Wilhelm
from Google Project Zero, affecting the HPACK decoder used for
15 matches
Mail list logo