1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-12-24 17:52:11 +00:00

Link to oss-security thread on CVE-2022-0185

This commit is contained in:
Rohan Kumar 2022-02-03 22:29:46 -08:00
parent bbfcef2370
commit 65ef073088
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
2 changed files with 2 additions and 1 deletions

View file

@ -168,6 +168,7 @@ Fuzzing frequently catches bugs that are only apparent by running a program, not
A recent example of how fuzzing helps spot a vulnerability in an open-source project is CVE-2022-0185: a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the syzkaller kernel fuzzer.
=> https://www.openwall.com/lists/oss-security/2022/01/18/7 oss-security: Linux kernel: Heap buffer overflow in fs_context.c since version 5.1
=> https://github.com/google/syzkaller Syzkaller
The process was documented on Will's Root:

View file

@ -132,7 +132,7 @@ If you want to get started with fuzzing, I recommend checking out [the quick-sta
### Example: CVE-2022-0185
A recent example of how fuzzing helps spot a vulnerability in an open-source project is CVE-2022-0185: a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:
A recent example of how fuzzing helps spot a vulnerability in an open-source project is [CVE-2022-0185](https://www.openwall.com/lists/oss-security/2022/01/18/7): a Linux 0-day found by the Crusaders of Rust a few weeks ago. It was discovered using the [syzkaller](https://github.com/google/syzkaller) kernel fuzzer. The process was documented on Will's Root:
[CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers](https://www.willsroot.io/2022/01/cve-2022-0185.html)