Skip to content

New OSS-Fuzz Findings in Jettison #45

Closed
@henryrneh

Description

@henryrneh

Dear Jettison maintainers,

Multiple bugs were found during fuzzing by Jazzer in Jettison, for example [Out of memory and Stackoverflow]. We would like to provide you with access to the bugs at Google OSS-Fuzz before they get publicly disclosed.

What do we need from you?

We need an email address that is associated with a Google Account as per Accepting new projects. In the past we have already contacted you during the onboarding of your project, but the request was rejected or no email was shared with us.

What do you get by sharing your email address?

When a bug is found, you will receive an email that will provide you with access to ClusterFuzz, crash reports, code coverage reports and fuzzer statistics. Each finding will have a crashing input that you can use to easily reproduce the bug.

Attention: All bug details will be made public automatically after the deadline of 90 days has exceeded or after the fix is released. For projects without maintainers we will do our best to support the disclosure process. Depending on our resources we will try to create an issues for every bug in your public issues tracker. In addition, we will request CVEs for security related vulnerabilities.

Please let me know if you have any questions regarding fuzzing or the OSS-Fuzz integration.

Thank you for your reading and hope to hear from you soon!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions