OSS-Fuzz finds a command injection bug in TinyGLTF #108

jonafato · 2022-09-09T02:28:46Z

URL

https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html

When was this post released

20220908

Summary

OSS-Fuzz, Google's service for fuzz-testing open source software, has identified a command injection vulnerability in TinyGLTF, which has since been patched. OSS-Fuzz has been operating since 2016 and began adding new "sanitizers" in December, 2021, one of which detected the bug in question. The project is accepting new sanitizers and offering rewards of $11,337 for integrations that identify two or more vulnerabilities in existing OSS-Fuzz projects. OSS-Fuzz supports projects written in several programming languages, including Python

Code of Conduct

I agree to follow this project's Code of Conduct

jonafato added the Content Topics for discussion and inclusion in newsletters label Sep 9, 2022

kjaymiller added this to Python Community News Sep 9, 2022

kjaymiller mentioned this issue Sep 9, 2022

Security Vulnerabilities Found/Patched, Licensing, and Salary Transparency - PCN 9 Sept 2022 #104

Closed

6 tasks

kjaymiller closed this as completed Sep 10, 2022

kjaymiller moved this to Done in Python Community News Sep 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OSS-Fuzz finds a command injection bug in TinyGLTF #108

OSS-Fuzz finds a command injection bug in TinyGLTF #108

jonafato commented Sep 9, 2022

OSS-Fuzz finds a command injection bug in TinyGLTF #108

OSS-Fuzz finds a command injection bug in TinyGLTF #108

Comments

jonafato commented Sep 9, 2022

URL

When was this post released

Summary

Code of Conduct