Thank you for this challenging and useful dataset! After reviewing some of the openssl bugs manually, I currently believe
MAE114 appears to be untriggerable. The bug condition here requires peek=1. However, the harnesses set peek=0 explicitly or implicitly here and here. The original bug report confirms this property here.
MAE111 appears to be untriggerable too. I did not analyze it as carefully as the others, but upon reading this comprehensive description here, the default certificates lacking a particular elliptic curve provided by the fuzzer harnesses may never trigger the bug.
I am happy to provide a POC for demonstrability of MAE114.
Given this information, should these bugs be moved to the graveyard or should the harnesses be fixed? What do you think?