Yua

Results 9 issues of Yua

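Fuzz testing of the cryptographic library algorithm interfaces in TASSL found the following vulnerabilities. We recommend updating the OpenSSL code used in the crypto directory to version **1.1.1m**.
### Bug 1
In `crypto/evp/evp_enc.c`, `EVP_CipherUpdate`, `EVP_EncryptUpdate` and `EVP_DecryptUpdate` may overflow the `outl` parameter; see [CVE-2021-23840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840).
### Bug 2
In `crypto/evp/evp_enc.c`, after instrumenting with AddressSanitizer, running the test functions `EVP_en()` and `EVP_de()` triggers a memory error. This issue also exists in the latest version of OpenSSL; for the handling progress see [issue#17869](https://github.com/openssl/openssl/issues/17869).
### Bug 3
In `crypto/sm2/sm2_crypt.c`, the plaintext length returned by the `EVP_PKEY_decrypt()` function may be smaller than the length actually required, causing an overflow error; see [CVE-2021-3711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711).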

wontfix
vulnerabilities
planning
task

Hello. It seems that there is a signed integer overflow in bitops.h:54 : ``` static inline uint32_t read32_be(const uint8_t buf[4]) { * return (buf[0]

Hello. I am using sjcl's latest version. Sjcl successfully encrypts using CCM mode with an IV of 1049 bytes. However, according to the [Wycheproof test suite](https://github.com/google/wycheproof/blob/4672ff74d68766e7785c2cac4c597effccef2c5c/testvectors/aes_ccm_test.json#L11), this is forbidden :...

# 🐛 Bug: Inconsistency in transaction rejection and client response. I built a 4-node chain locally following the [document](https://aptos.dev/guides/running-a-local-multi-node-network) and used the python sdk to interact with it. When I'm...

bug

**Describe the bug** I was running a 4-node private network (one of them can conduct byzantine behaviors). I applied the official stress testing framework but the test stuck before sending...

v3.x
consensus
in progress

**Describe the bug** I was running a 4-node private network (one of them (node0) can conduct byzantine behaviors). I applied the official stress testing framework but the test stuck while...

v3.x
consensus
in progress

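**Describe the bug** I built a fisco-bcos 3.4 air node **from source** on Ubuntu 22.04, then used the [script](https://fisco-bcos-doc.readthedocs.io/zh_CN/latest/docs/quick_start/air_installation.html) recommended by the official tutorial to set up a 10-node private chain. However, while running, the nodes consumed an abnormal amount of CPU: all 256 cores were fully occupied, making the machine unusable.
**To Reproduce** Steps to reproduce the behavior:
1. Download the 3.4 source code and compile it locally
2. Download the official private-chain setup script and create a 10-node private chain
3. Run start_all.sh
4. CPU is fully occupied
**Expected behavior** I have run earlier versions before, and nothing like this occurred. It is probably caused by a feature added in recent versions (TBB spin lock?).
**Screenshots** ![image](https://github.com/FISCO-BCOS/FISCO-BCOS/assets/60092417/df946ef4-59be-4898-910d-5decd932e9b3)
**Environment (please complete...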

I was running [guetzli v1.0](https://github.com/google/fuzzer-test-suite/tree/master/guetzli-2017-3-30), and I encountered an integer overflow bug. The detailed error message is as follows: ``` guetzli/jpeg_data_writer.cc:494:38: runtime error: shift exponent 32 is too large for...

I was running [guetzli v1.0](https://github.com/google/fuzzer-test-suite/tree/master/guetzli-2017-3-30), and I encountered a runtime error: shift exponent -219 is negative. The detailed error message is as follows: ``` guetzli/jpeg_bit_writer.h:42:25: runtime error: shift exponent -219...