├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── infra ├── .pylintrc ├── .style.yapf ├── README.md ├── poetry.lock ├── pyproject.toml └── syncer │ ├── google_issue_tracker │ ├── __init__.py │ ├── client.py │ └── issue_tracker.py │ └── sync.py ├── scripts └── import.py └── vulns ├── antlr4-java └── OSV-2022-667.yaml ├── apache-commons-codec ├── OSV-2023-1195.yaml └── OSV-2024-349.yaml ├── apache-commons-configuration ├── OSV-2022-871.yaml ├── OSV-2024-1102.yaml └── OSV-2024-269.yaml ├── apache-commons-imaging ├── OSV-2022-1207.yaml └── OSV-2022-1275.yaml ├── apache-commons-io ├── OSV-2023-618.yaml └── OSV-2023-962.yaml ├── apache-commons-jxpath ├── OSV-2022-729.yaml ├── OSV-2022-743.yaml ├── OSV-2022-764.yaml ├── OSV-2022-768.yaml ├── OSV-2022-782.yaml └── OSV-2023-719.yaml ├── apache-commons-lang ├── OSV-2023-1221.yaml └── OSV-2023-1326.yaml ├── apache-commons └── OSV-2021-882.yaml ├── apache-httpd ├── OSV-2021-1104.yaml ├── OSV-2021-1577.yaml ├── OSV-2021-1679.yaml └── OSV-2022-17.yaml ├── apache-poi ├── OSV-2023-1024.yaml ├── OSV-2023-1136.yaml ├── OSV-2023-1265.yaml ├── OSV-2023-1266.yaml ├── OSV-2023-1291.yaml ├── OSV-2023-1353.yaml ├── OSV-2023-660.yaml ├── OSV-2023-662.yaml ├── OSV-2023-665.yaml ├── OSV-2023-680.yaml ├── OSV-2023-714.yaml ├── OSV-2023-795.yaml ├── OSV-2023-955.yaml ├── OSV-2023-961.yaml ├── OSV-2024-28.yaml ├── OSV-2024-372.yaml ├── OSV-2024-661.yaml ├── OSV-2024-879.yaml ├── OSV-2024-939.yaml └── OSV-2025-45.yaml ├── arduinojson ├── OSV-2020-1573.yaml └── OSV-2024-555.yaml ├── arrow-java ├── OSV-2022-248.yaml └── OSV-2022-852.yaml ├── arrow ├── OSV-2020-101.yaml ├── OSV-2020-104.yaml ├── OSV-2020-1047.yaml ├── OSV-2020-1050.yaml ├── OSV-2020-1058.yaml ├── OSV-2020-109.yaml ├── OSV-2020-110.yaml ├── OSV-2020-1117.yaml ├── OSV-2020-115.yaml ├── OSV-2020-1159.yaml ├── OSV-2020-1170.yaml ├── OSV-2020-1178.yaml ├── OSV-2020-1228.yaml ├── OSV-2020-125.yaml ├── OSV-2020-1266.yaml ├── OSV-2020-1327.yaml ├── OSV-2020-1352.yaml ├── OSV-2020-138.yaml ├── OSV-2020-144.yaml ├── OSV-2020-165.yaml ├── OSV-2020-1682.yaml ├── OSV-2020-174.yaml ├── OSV-2020-180.yaml ├── OSV-2020-1842.yaml ├── OSV-2020-187.yaml ├── OSV-2020-1894.yaml ├── OSV-2020-204.yaml ├── OSV-2020-21.yaml ├── OSV-2020-2122.yaml ├── OSV-2020-2154.yaml ├── OSV-2020-2158.yaml ├── OSV-2020-2179.yaml ├── OSV-2020-22.yaml ├── OSV-2020-26.yaml ├── OSV-2020-27.yaml ├── OSV-2020-34.yaml ├── OSV-2020-42.yaml ├── OSV-2020-5.yaml ├── OSV-2020-52.yaml ├── OSV-2020-63.yaml ├── OSV-2020-758.yaml ├── OSV-2020-761.yaml ├── OSV-2020-776.yaml ├── OSV-2020-86.yaml ├── OSV-2020-911.yaml ├── OSV-2020-917.yaml ├── OSV-2020-936.yaml ├── OSV-2020-974.yaml ├── OSV-2021-1189.yaml ├── OSV-2021-1192.yaml ├── OSV-2021-1565.yaml ├── OSV-2021-1592.yaml ├── OSV-2021-1601.yaml └── OSV-2023-1088.yaml ├── aspell ├── OSV-2020-521.yaml └── OSV-2020-548.yaml ├── assimp ├── OSV-2021-1311.yaml ├── OSV-2021-1316.yaml ├── OSV-2021-1385.yaml ├── OSV-2021-1514.yaml ├── OSV-2021-1641.yaml ├── OSV-2021-593.yaml ├── OSV-2021-760.yaml ├── OSV-2021-775.yaml ├── OSV-2022-1129.yaml ├── OSV-2022-1258.yaml ├── OSV-2022-194.yaml ├── OSV-2022-21.yaml ├── OSV-2022-410.yaml ├── OSV-2022-624.yaml ├── OSV-2023-201.yaml ├── OSV-2023-276.yaml ├── OSV-2023-385.yaml ├── OSV-2023-402.yaml ├── OSV-2023-404.yaml ├── OSV-2023-536.yaml ├── OSV-2023-869.yaml ├── OSV-2024-1054.yaml ├── OSV-2024-1179.yaml ├── OSV-2024-1220.yaml ├── OSV-2024-1324.yaml ├── OSV-2024-1372.yaml ├── OSV-2025-31.yaml └── OSV-2025-54.yaml ├── astc-encoder └── OSV-2021-1161.yaml ├── augeas └── OSV-2020-1540.yaml ├── binutils ├── OSV-2022-183.yaml ├── OSV-2023-1298.yaml ├── OSV-2023-1320.yaml ├── OSV-2023-1324.yaml ├── OSV-2023-279.yaml ├── OSV-2023-311.yaml ├── OSV-2023-418.yaml ├── OSV-2024-1056.yaml └── OSV-2025-260.yaml ├── bitcoin-core └── OSV-2021-823.yaml ├── bloaty ├── OSV-2018-134.yaml ├── OSV-2018-208.yaml └── OSV-2025-111.yaml ├── bluez ├── OSV-2022-857.yaml ├── OSV-2022-859.yaml └── OSV-2022-908.yaml ├── boost ├── OSV-2018-389.yaml ├── OSV-2018-417.yaml ├── OSV-2024-112.yaml └── OSV-2024-914.yaml ├── boringssl ├── OSV-2018-13.yaml ├── OSV-2018-206.yaml ├── OSV-2023-41.yaml ├── OSV-2024-417.yaml ├── OSV-2024-430.yaml └── OSV-2024-432.yaml ├── botan ├── OSV-2018-41.yaml └── OSV-2018-75.yaml ├── c-ares ├── OSV-2020-1862.yaml ├── OSV-2020-280.yaml ├── OSV-2020-435.yaml ├── OSV-2020-439.yaml ├── OSV-2020-530.yaml ├── OSV-2020-541.yaml ├── OSV-2020-569.yaml ├── OSV-2020-630.yaml └── OSV-2020-68.yaml ├── c-blosc ├── OSV-2020-762.yaml └── OSV-2021-1227.yaml ├── c-blosc2 ├── OSV-2020-1016.yaml ├── OSV-2020-1060.yaml ├── OSV-2020-2087.yaml ├── OSV-2020-2183.yaml ├── OSV-2020-2184.yaml ├── OSV-2020-2251.yaml ├── OSV-2020-775.yaml ├── OSV-2021-1070.yaml ├── OSV-2021-1589.yaml ├── OSV-2021-1645.yaml ├── OSV-2021-1663.yaml ├── OSV-2021-1672.yaml ├── OSV-2021-1676.yaml ├── OSV-2021-1710.yaml ├── OSV-2021-1712.yaml ├── OSV-2021-1755.yaml ├── OSV-2021-1791.yaml ├── OSV-2021-207.yaml ├── OSV-2021-21.yaml ├── OSV-2021-213.yaml ├── OSV-2021-22.yaml ├── OSV-2021-221.yaml ├── OSV-2021-23.yaml ├── OSV-2021-246.yaml ├── OSV-2021-247.yaml ├── OSV-2021-27.yaml ├── OSV-2021-271.yaml ├── OSV-2021-274.yaml ├── OSV-2021-366.yaml ├── OSV-2021-369.yaml ├── OSV-2021-371.yaml ├── OSV-2021-382.yaml ├── OSV-2021-404.yaml ├── OSV-2021-422.yaml ├── OSV-2021-428.yaml ├── OSV-2021-429.yaml ├── OSV-2021-439.yaml ├── OSV-2021-464.yaml ├── OSV-2021-476.yaml ├── OSV-2021-481.yaml ├── OSV-2021-485.yaml ├── OSV-2021-487.yaml ├── OSV-2021-496.yaml ├── OSV-2021-498.yaml ├── OSV-2021-526.yaml ├── OSV-2021-622.yaml ├── OSV-2021-639.yaml ├── OSV-2021-640.yaml ├── OSV-2021-644.yaml ├── OSV-2021-652.yaml ├── OSV-2021-7.yaml ├── OSV-2021-766.yaml ├── OSV-2021-779.yaml ├── OSV-2021-847.yaml ├── OSV-2021-897.yaml ├── OSV-2021-973.yaml ├── OSV-2021-997.yaml ├── OSV-2022-1134.yaml ├── OSV-2022-1242.yaml ├── OSV-2022-322.yaml ├── OSV-2022-33.yaml ├── OSV-2022-34.yaml ├── OSV-2022-4.yaml ├── OSV-2022-486.yaml ├── OSV-2022-51.yaml ├── OSV-2022-511.yaml ├── OSV-2022-55.yaml ├── OSV-2022-750.yaml ├── OSV-2022-776.yaml ├── OSV-2022-847.yaml ├── OSV-2023-1350.yaml ├── OSV-2023-319.yaml ├── OSV-2023-51.yaml └── OSV-2023-606.yaml ├── cairo └── OSV-2023-298.yaml ├── capstone ├── OSV-2020-438.yaml ├── OSV-2020-519.yaml ├── OSV-2020-679.yaml ├── OSV-2020-860.yaml └── OSV-2024-1076.yaml ├── checker-framework └── OSV-2024-1336.yaml ├── checkstyle ├── OSV-2023-1097.yaml ├── OSV-2023-1152.yaml ├── OSV-2023-1222.yaml ├── OSV-2023-1361.yaml ├── OSV-2023-1382.yaml ├── OSV-2023-580.yaml ├── OSV-2023-617.yaml ├── OSV-2023-750.yaml ├── OSV-2024-1133.yaml ├── OSV-2024-1181.yaml ├── OSV-2024-181.yaml ├── OSV-2024-278.yaml ├── OSV-2024-283.yaml ├── OSV-2024-288.yaml ├── OSV-2024-323.yaml ├── OSV-2024-4.yaml ├── OSV-2024-400.yaml ├── OSV-2024-473.yaml ├── OSV-2024-641.yaml ├── OSV-2024-696.yaml ├── OSV-2024-747.yaml ├── OSV-2024-883.yaml ├── OSV-2024-89.yaml ├── OSV-2025-13.yaml ├── OSV-2025-323.yaml ├── OSV-2025-354.yaml ├── OSV-2025-369.yaml ├── OSV-2025-396.yaml ├── OSV-2025-401.yaml └── OSV-2025-406.yaml ├── clamav ├── OSV-2020-1365.yaml ├── OSV-2020-1782.yaml ├── OSV-2020-1792.yaml ├── OSV-2020-1802.yaml ├── OSV-2020-1804.yaml ├── OSV-2020-1805.yaml ├── OSV-2021-1117.yaml ├── OSV-2021-1507.yaml ├── OSV-2021-1509.yaml ├── OSV-2021-40.yaml ├── OSV-2022-1068.yaml ├── OSV-2022-136.yaml ├── OSV-2022-220.yaml ├── OSV-2022-347.yaml ├── OSV-2022-61.yaml ├── OSV-2022-62.yaml ├── OSV-2022-636.yaml ├── OSV-2022-67.yaml ├── OSV-2022-94.yaml ├── OSV-2023-164.yaml ├── OSV-2023-350.yaml ├── OSV-2023-356.yaml ├── OSV-2023-581.yaml ├── OSV-2023-640.yaml ├── OSV-2024-1205.yaml ├── OSV-2024-1274.yaml ├── OSV-2024-264.yaml ├── OSV-2024-73.yaml └── OSV-2025-248.yaml ├── cpython3 ├── OSV-2021-745.yaml ├── OSV-2023-344.yaml └── OSV-2023-738.yaml ├── cras ├── OSV-2018-145.yaml ├── OSV-2020-2112.yaml ├── OSV-2020-715.yaml ├── OSV-2020-757.yaml ├── OSV-2020-891.yaml ├── OSV-2020-940.yaml ├── OSV-2020-948.yaml ├── OSV-2020-981.yaml ├── OSV-2022-611.yaml ├── OSV-2022-696.yaml ├── OSV-2022-808.yaml ├── OSV-2023-506.yaml ├── OSV-2023-779.yaml ├── OSV-2024-434.yaml └── OSV-2024-79.yaml ├── croaring ├── OSV-2023-155.yaml └── OSV-2023-165.yaml ├── cryptofuzz ├── OSV-2020-1290.yaml ├── OSV-2020-148.yaml ├── OSV-2020-1595.yaml ├── OSV-2020-1600.yaml ├── OSV-2020-1661.yaml ├── OSV-2020-1727.yaml ├── OSV-2020-201.yaml ├── OSV-2020-249.yaml ├── OSV-2020-31.yaml ├── OSV-2020-515.yaml ├── OSV-2020-599.yaml ├── OSV-2020-641.yaml ├── OSV-2020-830.yaml ├── OSV-2020-833.yaml ├── OSV-2021-257.yaml ├── OSV-2021-383.yaml ├── OSV-2021-614.yaml ├── OSV-2021-615.yaml ├── OSV-2021-616.yaml ├── OSV-2021-623.yaml └── OSV-2021-624.yaml ├── cryptsetup └── OSV-2022-1265.yaml ├── cups ├── OSV-2024-764.yaml ├── OSV-2024-856.yaml └── OSV-2024-996.yaml ├── curl ├── OSV-2017-1.yaml ├── OSV-2017-79.yaml ├── OSV-2017-8.yaml ├── OSV-2018-209.yaml ├── OSV-2018-230.yaml ├── OSV-2018-40.yaml ├── OSV-2020-1080.yaml ├── OSV-2020-1230.yaml ├── OSV-2020-1347.yaml ├── OSV-2020-389.yaml ├── OSV-2020-600.yaml ├── OSV-2021-1625.yaml ├── OSV-2021-1629.yaml ├── OSV-2021-1730.yaml ├── OSV-2021-1737.yaml ├── OSV-2021-1747.yaml ├── OSV-2021-1756.yaml ├── OSV-2021-1758.yaml ├── OSV-2021-1793.yaml ├── OSV-2021-1796.yaml ├── OSV-2021-696.yaml ├── OSV-2022-1046.yaml ├── OSV-2022-1065.yaml ├── OSV-2022-139.yaml ├── OSV-2022-141.yaml └── OSV-2022-450.yaml ├── cyclonedds ├── OSV-2022-892.yaml ├── OSV-2023-158.yaml ├── OSV-2023-273.yaml ├── OSV-2023-556.yaml └── OSV-2024-272.yaml ├── dav1d ├── OSV-2018-113.yaml ├── OSV-2018-123.yaml ├── OSV-2018-128.yaml ├── OSV-2018-165.yaml ├── OSV-2018-31.yaml ├── OSV-2018-85.yaml ├── OSV-2020-137.yaml ├── OSV-2020-303.yaml ├── OSV-2021-1205.yaml ├── OSV-2021-1228.yaml ├── OSV-2021-1231.yaml ├── OSV-2022-674.yaml └── OSV-2023-303.yaml ├── dlplibs ├── OSV-2021-1524.yaml ├── OSV-2022-1280.yaml └── OSV-2022-594.yaml ├── dnsmasq ├── OSV-2021-1807.yaml ├── OSV-2021-924.yaml ├── OSV-2021-925.yaml ├── OSV-2021-927.yaml ├── OSV-2021-929.yaml ├── OSV-2021-931.yaml ├── OSV-2021-932.yaml ├── OSV-2021-933.yaml ├── OSV-2021-934.yaml ├── OSV-2021-935.yaml ├── OSV-2022-10.yaml ├── OSV-2022-11.yaml ├── OSV-2022-12.yaml ├── OSV-2022-145.yaml ├── OSV-2022-312.yaml ├── OSV-2022-324.yaml ├── OSV-2022-572.yaml ├── OSV-2022-6.yaml └── OSV-2022-785.yaml ├── docker-client ├── OSV-2024-117.yaml └── OSV-2024-120.yaml ├── dovecot ├── OSV-2020-843.yaml └── OSV-2020-880.yaml ├── draco ├── OSV-2020-1018.yaml ├── OSV-2020-1036.yaml ├── OSV-2020-1291.yaml ├── OSV-2020-1328.yaml ├── OSV-2020-2200.yaml ├── OSV-2020-778.yaml ├── OSV-2020-800.yaml ├── OSV-2020-824.yaml ├── OSV-2020-828.yaml ├── OSV-2020-925.yaml ├── OSV-2020-977.yaml ├── OSV-2021-1082.yaml ├── OSV-2021-1176.yaml ├── OSV-2021-1177.yaml ├── OSV-2021-1181.yaml ├── OSV-2021-1183.yaml ├── OSV-2021-1640.yaml ├── OSV-2021-482.yaml ├── OSV-2021-635.yaml └── OSV-2021-646.yaml ├── duckdb ├── OSV-2022-485.yaml └── OSV-2022-487.yaml ├── edk2 └── OSV-2024-1066.yaml ├── envoy ├── OSV-2018-117.yaml ├── OSV-2018-224.yaml ├── OSV-2018-335.yaml ├── OSV-2018-95.yaml ├── OSV-2019-1.yaml └── OSV-2020-473.yaml ├── espeak-ng ├── OSV-2021-1024.yaml ├── OSV-2021-1041.yaml ├── OSV-2021-1110.yaml ├── OSV-2021-1141.yaml ├── OSV-2021-1157.yaml ├── OSV-2021-1354.yaml ├── OSV-2021-1631.yaml ├── OSV-2021-1636.yaml ├── OSV-2021-1776.yaml ├── OSV-2021-764.yaml ├── OSV-2021-765.yaml ├── OSV-2021-767.yaml ├── OSV-2021-769.yaml ├── OSV-2021-782.yaml ├── OSV-2021-787.yaml ├── OSV-2021-802.yaml ├── OSV-2021-808.yaml ├── OSV-2021-810.yaml ├── OSV-2022-137.yaml ├── OSV-2022-462.yaml ├── OSV-2022-519.yaml ├── OSV-2022-530.yaml ├── OSV-2022-595.yaml ├── OSV-2023-467.yaml ├── OSV-2023-984.yaml ├── OSV-2024-1203.yaml └── OSV-2025-169.yaml ├── exiv2 ├── OSV-2022-1011.yaml ├── OSV-2022-223.yaml ├── OSV-2022-280.yaml ├── OSV-2022-794.yaml ├── OSV-2022-830.yaml ├── OSV-2022-945.yaml ├── OSV-2022-999.yaml ├── OSV-2023-1161.yaml ├── OSV-2023-734.yaml └── OSV-2024-340.yaml ├── faad2 └── OSV-2023-421.yaml ├── fastjson2 ├── OSV-2022-343.yaml ├── OSV-2022-616.yaml ├── OSV-2024-1322.yaml └── OSV-2024-964.yaml ├── feign └── OSV-2023-619.yaml ├── file ├── OSV-2016-1.yaml ├── OSV-2016-2.yaml ├── OSV-2016-3.yaml ├── OSV-2016-6.yaml ├── OSV-2016-7.yaml ├── OSV-2017-102.yaml ├── OSV-2017-131.yaml ├── OSV-2017-134.yaml ├── OSV-2017-140.yaml ├── OSV-2017-16.yaml ├── OSV-2017-52.yaml ├── OSV-2018-15.yaml ├── OSV-2018-18.yaml ├── OSV-2020-1193.yaml ├── OSV-2020-1280.yaml ├── OSV-2020-184.yaml ├── OSV-2020-190.yaml ├── OSV-2020-391.yaml ├── OSV-2020-535.yaml ├── OSV-2020-75.yaml ├── OSV-2020-97.yaml ├── OSV-2021-1238.yaml ├── OSV-2021-1322.yaml ├── OSV-2022-468.yaml ├── OSV-2022-534.yaml ├── OSV-2022-923.yaml ├── OSV-2022-924.yaml ├── OSV-2022-952.yaml ├── OSV-2023-1398.yaml ├── OSV-2023-443.yaml ├── OSV-2023-505.yaml └── OSV-2023-889.yaml ├── firestore └── OSV-2020-2042.yaml ├── flac ├── OSV-2020-1155.yaml ├── OSV-2020-1510.yaml ├── OSV-2020-1976.yaml ├── OSV-2020-819.yaml ├── OSV-2020-990.yaml ├── OSV-2022-1177.yaml ├── OSV-2023-113.yaml ├── OSV-2023-182.yaml ├── OSV-2023-221.yaml ├── OSV-2023-357.yaml ├── OSV-2023-675.yaml ├── OSV-2024-1320.yaml ├── OSV-2024-678.yaml └── OSV-2024-965.yaml ├── flatbuffers ├── OSV-2021-1229.yaml ├── OSV-2021-1249.yaml ├── OSV-2021-1314.yaml ├── OSV-2021-1678.yaml ├── OSV-2021-1695.yaml ├── OSV-2021-281.yaml ├── OSV-2021-308.yaml ├── OSV-2021-333.yaml ├── OSV-2021-347.yaml ├── OSV-2021-349.yaml ├── OSV-2021-520.yaml ├── OSV-2021-541.yaml └── OSV-2021-581.yaml ├── flex └── OSV-2024-319.yaml ├── fluent-bit ├── OSV-2020-112.yaml ├── OSV-2020-156.yaml ├── OSV-2020-1813.yaml ├── OSV-2020-1816.yaml ├── OSV-2020-1839.yaml ├── OSV-2020-2014.yaml ├── OSV-2020-2017.yaml ├── OSV-2020-2066.yaml ├── OSV-2020-2071.yaml ├── OSV-2020-2072.yaml ├── OSV-2020-2075.yaml ├── OSV-2020-2094.yaml ├── OSV-2020-2117.yaml ├── OSV-2020-2132.yaml ├── OSV-2020-2133.yaml ├── OSV-2020-2135.yaml ├── OSV-2020-2139.yaml ├── OSV-2020-2140.yaml ├── OSV-2020-2148.yaml ├── OSV-2020-2159.yaml ├── OSV-2020-2220.yaml ├── OSV-2020-2233.yaml ├── OSV-2020-2239.yaml ├── OSV-2020-2240.yaml ├── OSV-2020-2241.yaml ├── OSV-2020-2242.yaml ├── OSV-2020-2309.yaml ├── OSV-2020-96.yaml ├── OSV-2021-1008.yaml ├── OSV-2021-1083.yaml ├── OSV-2021-1633.yaml ├── OSV-2021-260.yaml ├── OSV-2021-261.yaml ├── OSV-2021-702.yaml ├── OSV-2021-739.yaml ├── OSV-2021-750.yaml ├── OSV-2021-838.yaml ├── OSV-2021-855.yaml ├── OSV-2021-857.yaml ├── OSV-2022-101.yaml ├── OSV-2022-1040.yaml ├── OSV-2022-1045.yaml ├── OSV-2022-1053.yaml ├── OSV-2022-1132.yaml ├── OSV-2022-114.yaml ├── OSV-2022-1169.yaml ├── OSV-2022-1181.yaml ├── OSV-2022-1277.yaml ├── OSV-2022-144.yaml ├── OSV-2022-217.yaml ├── OSV-2022-222.yaml ├── OSV-2022-254.yaml ├── OSV-2022-255.yaml ├── OSV-2022-257.yaml ├── OSV-2022-259.yaml ├── OSV-2022-260.yaml ├── OSV-2022-261.yaml ├── OSV-2022-262.yaml ├── OSV-2022-267.yaml ├── OSV-2022-279.yaml ├── OSV-2022-281.yaml ├── OSV-2022-284.yaml ├── OSV-2022-288.yaml ├── OSV-2022-289.yaml ├── OSV-2022-558.yaml ├── OSV-2022-577.yaml ├── OSV-2022-651.yaml ├── OSV-2022-834.yaml ├── OSV-2022-878.yaml ├── OSV-2022-891.yaml ├── OSV-2022-988.yaml ├── OSV-2022-994.yaml ├── OSV-2023-1135.yaml ├── OSV-2023-685.yaml ├── OSV-2023-692.yaml └── OSV-2024-1186.yaml ├── fmt ├── OSV-2021-991.yaml ├── OSV-2022-165.yaml └── OSV-2022-168.yaml ├── freeradius ├── OSV-2021-1216.yaml ├── OSV-2021-1422.yaml ├── OSV-2021-1423.yaml ├── OSV-2021-1425.yaml ├── OSV-2021-1427.yaml ├── OSV-2021-1458.yaml ├── OSV-2021-1473.yaml ├── OSV-2021-1526.yaml ├── OSV-2022-250.yaml └── OSV-2022-489.yaml ├── freerdp └── OSV-2023-472.yaml ├── freetype2 ├── OSV-2018-100.yaml ├── OSV-2018-142.yaml ├── OSV-2018-155.yaml ├── OSV-2018-167.yaml ├── OSV-2018-219.yaml ├── OSV-2018-226.yaml ├── OSV-2018-24.yaml ├── OSV-2018-48.yaml ├── OSV-2020-1591.yaml ├── OSV-2020-791.yaml ├── OSV-2021-553.yaml ├── OSV-2021-602.yaml ├── OSV-2021-719.yaml └── OSV-2022-39.yaml ├── frr ├── OSV-2021-1127.yaml ├── OSV-2021-1447.yaml └── OSV-2023-764.yaml ├── fwupd ├── OSV-2021-530.yaml └── OSV-2021-540.yaml ├── gdal ├── OSV-2018-12.yaml ├── OSV-2018-46.yaml ├── OSV-2018-47.yaml ├── OSV-2020-325.yaml ├── OSV-2020-38.yaml ├── OSV-2020-392.yaml ├── OSV-2020-420.yaml ├── OSV-2020-66.yaml ├── OSV-2020-748.yaml ├── OSV-2020-87.yaml ├── OSV-2021-1257.yaml └── OSV-2021-1651.yaml ├── geos ├── OSV-2021-1319.yaml ├── OSV-2021-998.yaml ├── OSV-2022-861.yaml └── OSV-2022-904.yaml ├── gfwx └── OSV-2021-977.yaml ├── ghostscript ├── OSV-2020-1712.yaml ├── OSV-2020-1869.yaml ├── OSV-2020-1870.yaml ├── OSV-2020-1871.yaml ├── OSV-2020-1872.yaml ├── OSV-2020-1873.yaml ├── OSV-2020-1874.yaml ├── OSV-2020-1875.yaml ├── OSV-2020-1876.yaml ├── OSV-2020-1877.yaml ├── OSV-2020-1878.yaml ├── OSV-2020-1879.yaml ├── OSV-2020-1880.yaml ├── OSV-2020-1882.yaml ├── OSV-2020-1883.yaml ├── OSV-2020-1886.yaml ├── OSV-2021-1081.yaml ├── OSV-2021-1681.yaml ├── OSV-2021-1682.yaml ├── OSV-2021-1683.yaml ├── OSV-2021-1684.yaml ├── OSV-2021-1685.yaml ├── OSV-2021-1686.yaml ├── OSV-2021-1687.yaml ├── OSV-2021-1688.yaml ├── OSV-2021-1689.yaml ├── OSV-2021-1690.yaml ├── OSV-2021-1692.yaml ├── OSV-2021-1693.yaml ├── OSV-2021-1694.yaml ├── OSV-2021-1697.yaml ├── OSV-2021-1698.yaml ├── OSV-2021-1703.yaml ├── OSV-2021-1704.yaml ├── OSV-2021-1706.yaml ├── OSV-2021-1707.yaml ├── OSV-2021-1708.yaml ├── OSV-2021-1709.yaml ├── OSV-2021-1711.yaml ├── OSV-2021-1715.yaml ├── OSV-2021-1717.yaml ├── OSV-2021-1719.yaml ├── OSV-2021-1723.yaml ├── OSV-2021-1724.yaml ├── OSV-2021-1726.yaml ├── OSV-2021-1728.yaml ├── OSV-2021-1731.yaml ├── OSV-2021-1740.yaml ├── OSV-2021-1741.yaml ├── OSV-2021-1743.yaml ├── OSV-2021-1752.yaml ├── OSV-2021-1753.yaml ├── OSV-2021-1754.yaml ├── OSV-2021-1763.yaml ├── OSV-2021-1764.yaml ├── OSV-2021-1767.yaml ├── OSV-2021-1770.yaml ├── OSV-2021-1771.yaml ├── OSV-2021-1772.yaml ├── OSV-2021-1774.yaml ├── OSV-2021-1781.yaml ├── OSV-2021-1788.yaml ├── OSV-2021-1795.yaml ├── OSV-2021-1802.yaml ├── OSV-2021-1803.yaml ├── OSV-2021-1806.yaml ├── OSV-2021-237.yaml ├── OSV-2021-312.yaml ├── OSV-2021-337.yaml ├── OSV-2021-668.yaml ├── OSV-2021-717.yaml ├── OSV-2021-803.yaml ├── OSV-2022-1.yaml ├── OSV-2022-100.yaml ├── OSV-2022-102.yaml ├── OSV-2022-1021.yaml ├── OSV-2022-1063.yaml ├── OSV-2022-1085.yaml ├── OSV-2022-1097.yaml ├── OSV-2022-1121.yaml ├── OSV-2022-1131.yaml ├── OSV-2022-1143.yaml ├── OSV-2022-1148.yaml ├── OSV-2022-1178.yaml ├── OSV-2022-1194.yaml ├── OSV-2022-1208.yaml ├── OSV-2022-121.yaml ├── OSV-2022-1214.yaml ├── OSV-2022-1225.yaml ├── OSV-2022-1229.yaml ├── OSV-2022-149.yaml ├── OSV-2022-177.yaml ├── OSV-2022-18.yaml ├── OSV-2022-199.yaml ├── OSV-2022-206.yaml ├── OSV-2022-210.yaml ├── OSV-2022-218.yaml ├── OSV-2022-229.yaml ├── OSV-2022-232.yaml ├── OSV-2022-270.yaml ├── OSV-2022-271.yaml ├── OSV-2022-278.yaml ├── OSV-2022-3.yaml ├── OSV-2022-301.yaml ├── OSV-2022-339.yaml ├── OSV-2022-351.yaml ├── OSV-2022-354.yaml ├── OSV-2022-390.yaml ├── OSV-2022-415.yaml ├── OSV-2022-417.yaml ├── OSV-2022-422.yaml ├── OSV-2022-429.yaml ├── OSV-2022-449.yaml ├── OSV-2022-453.yaml ├── OSV-2022-456.yaml ├── OSV-2022-47.yaml ├── OSV-2022-496.yaml ├── OSV-2022-507.yaml ├── OSV-2022-522.yaml ├── OSV-2022-523.yaml ├── OSV-2022-524.yaml ├── OSV-2022-53.yaml ├── OSV-2022-536.yaml ├── OSV-2022-538.yaml ├── OSV-2022-54.yaml ├── OSV-2022-640.yaml ├── OSV-2022-643.yaml ├── OSV-2022-655.yaml ├── OSV-2022-662.yaml ├── OSV-2022-684.yaml ├── OSV-2022-686.yaml ├── OSV-2022-710.yaml ├── OSV-2022-719.yaml ├── OSV-2022-724.yaml ├── OSV-2022-726.yaml ├── OSV-2022-727.yaml ├── OSV-2022-73.yaml ├── OSV-2022-736.yaml ├── OSV-2022-744.yaml ├── OSV-2022-751.yaml ├── OSV-2022-755.yaml ├── OSV-2022-757.yaml ├── OSV-2022-772.yaml ├── OSV-2022-79.yaml ├── OSV-2022-797.yaml ├── OSV-2022-80.yaml ├── OSV-2022-803.yaml ├── OSV-2022-805.yaml ├── OSV-2022-81.yaml ├── OSV-2022-818.yaml ├── OSV-2022-821.yaml ├── OSV-2022-829.yaml ├── OSV-2022-83.yaml ├── OSV-2022-85.yaml ├── OSV-2022-855.yaml ├── OSV-2022-866.yaml ├── OSV-2022-888.yaml ├── OSV-2022-926.yaml ├── OSV-2022-949.yaml ├── OSV-2022-97.yaml ├── OSV-2023-1008.yaml ├── OSV-2023-1079.yaml ├── OSV-2023-142.yaml ├── OSV-2023-285.yaml ├── OSV-2023-297.yaml ├── OSV-2023-34.yaml ├── OSV-2023-353.yaml ├── OSV-2023-470.yaml ├── OSV-2023-510.yaml ├── OSV-2023-527.yaml ├── OSV-2023-528.yaml ├── OSV-2023-88.yaml ├── OSV-2023-970.yaml ├── OSV-2024-1036.yaml ├── OSV-2024-1041.yaml ├── OSV-2024-1042.yaml ├── OSV-2024-1059.yaml ├── OSV-2024-1251.yaml ├── OSV-2024-1391.yaml ├── OSV-2024-179.yaml ├── OSV-2024-251.yaml ├── OSV-2024-294.yaml ├── OSV-2024-403.yaml ├── OSV-2024-493.yaml ├── OSV-2024-495.yaml ├── OSV-2024-496.yaml ├── OSV-2024-503.yaml ├── OSV-2024-577.yaml ├── OSV-2024-677.yaml ├── OSV-2024-728.yaml ├── OSV-2024-80.yaml ├── OSV-2024-833.yaml ├── OSV-2024-853.yaml ├── OSV-2024-861.yaml ├── OSV-2024-983.yaml ├── OSV-2025-173.yaml ├── OSV-2025-174.yaml ├── OSV-2025-175.yaml ├── OSV-2025-177.yaml └── OSV-2025-63.yaml ├── glib ├── OSV-2018-10.yaml ├── OSV-2018-136.yaml ├── OSV-2018-212.yaml ├── OSV-2018-213.yaml ├── OSV-2018-216.yaml ├── OSV-2018-22.yaml ├── OSV-2018-228.yaml ├── OSV-2018-79.yaml ├── OSV-2020-2253.yaml ├── OSV-2020-669.yaml ├── OSV-2020-741.yaml ├── OSV-2020-743.yaml └── OSV-2020-831.yaml ├── glog └── OSV-2023-978.yaml ├── glslang ├── OSV-2024-1045.yaml └── OSV-2024-460.yaml ├── gnupg └── OSV-2020-568.yaml ├── gnutls ├── OSV-2017-138.yaml ├── OSV-2017-62.yaml ├── OSV-2017-72.yaml ├── OSV-2018-121.yaml ├── OSV-2018-122.yaml ├── OSV-2018-186.yaml ├── OSV-2018-188.yaml ├── OSV-2018-196.yaml ├── OSV-2018-72.yaml ├── OSV-2018-92.yaml ├── OSV-2020-72.yaml └── OSV-2021-147.yaml ├── gpac ├── OSV-2022-1234.yaml ├── OSV-2024-1029.yaml ├── OSV-2024-135.yaml ├── OSV-2024-142.yaml ├── OSV-2024-156.yaml ├── OSV-2024-157.yaml ├── OSV-2024-33.yaml ├── OSV-2024-627.yaml ├── OSV-2024-659.yaml ├── OSV-2024-664.yaml ├── OSV-2024-68.yaml ├── OSV-2024-695.yaml ├── OSV-2024-719.yaml └── OSV-2024-951.yaml ├── gpsd ├── OSV-2023-721.yaml ├── OSV-2024-828.yaml └── OSV-2024-994.yaml ├── graphql-java ├── OSV-2024-1144.yaml └── OSV-2024-359.yaml ├── grok ├── OSV-2020-2205.yaml ├── OSV-2021-1344.yaml ├── OSV-2021-1346.yaml ├── OSV-2021-1417.yaml ├── OSV-2021-1760.yaml ├── OSV-2021-1768.yaml ├── OSV-2021-1797.yaml ├── OSV-2021-426.yaml ├── OSV-2021-448.yaml ├── OSV-2021-456.yaml ├── OSV-2021-510.yaml ├── OSV-2021-677.yaml ├── OSV-2022-243.yaml ├── OSV-2022-245.yaml ├── OSV-2022-252.yaml ├── OSV-2022-295.yaml ├── OSV-2022-321.yaml ├── OSV-2022-330.yaml ├── OSV-2022-336.yaml ├── OSV-2022-375.yaml ├── OSV-2022-501.yaml ├── OSV-2022-799.yaml ├── OSV-2023-340.yaml └── OSV-2023-689.yaml ├── grpc-swift └── OSV-2022-125.yaml ├── grpc └── OSV-2022-460.yaml ├── gson └── OSV-2021-1549.yaml ├── gstreamer ├── OSV-2017-24.yaml ├── OSV-2018-36.yaml ├── OSV-2018-42.yaml ├── OSV-2022-1089.yaml ├── OSV-2022-1168.yaml └── OSV-2023-862.yaml ├── guice └── OSV-2022-733.yaml ├── h2o ├── OSV-2021-1120.yaml └── OSV-2021-907.yaml ├── h3 ├── OSV-2021-1472.yaml ├── OSV-2022-880.yaml ├── OSV-2024-1201.yaml └── OSV-2024-1241.yaml ├── hamcrest ├── OSV-2022-1217.yaml └── OSV-2023-518.yaml ├── haproxy ├── OSV-2020-745.yaml ├── OSV-2020-751.yaml └── OSV-2022-1009.yaml ├── harfbuzz ├── OSV-2018-1.yaml ├── OSV-2018-106.yaml ├── OSV-2018-108.yaml ├── OSV-2018-112.yaml ├── OSV-2018-114.yaml ├── OSV-2018-115.yaml ├── OSV-2018-116.yaml ├── OSV-2018-119.yaml ├── OSV-2018-126.yaml ├── OSV-2018-127.yaml ├── OSV-2018-129.yaml ├── OSV-2018-140.yaml ├── OSV-2018-143.yaml ├── OSV-2018-146.yaml ├── OSV-2018-149.yaml ├── OSV-2018-150.yaml ├── OSV-2018-159.yaml ├── OSV-2018-161.yaml ├── OSV-2018-162.yaml ├── OSV-2018-172.yaml ├── OSV-2018-174.yaml ├── OSV-2018-176.yaml ├── OSV-2018-179.yaml ├── OSV-2018-185.yaml ├── OSV-2018-190.yaml ├── OSV-2018-199.yaml ├── OSV-2018-26.yaml ├── OSV-2018-43.yaml ├── OSV-2018-54.yaml ├── OSV-2018-56.yaml ├── OSV-2018-61.yaml ├── OSV-2018-64.yaml ├── OSV-2018-73.yaml ├── OSV-2018-82.yaml ├── OSV-2018-91.yaml ├── OSV-2018-97.yaml ├── OSV-2020-107.yaml ├── OSV-2020-121.yaml ├── OSV-2020-130.yaml ├── OSV-2020-1325.yaml ├── OSV-2020-147.yaml ├── OSV-2020-149.yaml ├── OSV-2020-1549.yaml ├── OSV-2020-1550.yaml ├── OSV-2020-1551.yaml ├── OSV-2020-1553.yaml ├── OSV-2020-1554.yaml ├── OSV-2020-1555.yaml ├── OSV-2020-1559.yaml ├── OSV-2020-1563.yaml ├── OSV-2020-16.yaml ├── OSV-2020-1606.yaml ├── OSV-2020-176.yaml ├── OSV-2020-182.yaml ├── OSV-2020-183.yaml ├── OSV-2020-188.yaml ├── OSV-2020-232.yaml ├── OSV-2020-233.yaml ├── OSV-2020-243.yaml ├── OSV-2020-244.yaml ├── OSV-2020-347.yaml ├── OSV-2020-388.yaml ├── OSV-2020-412.yaml ├── OSV-2020-484.yaml ├── OSV-2020-509.yaml ├── OSV-2020-516.yaml ├── OSV-2020-54.yaml ├── OSV-2020-565.yaml ├── OSV-2020-638.yaml ├── OSV-2020-698.yaml ├── OSV-2020-704.yaml ├── OSV-2020-708.yaml ├── OSV-2021-1153.yaml ├── OSV-2021-1159.yaml ├── OSV-2021-1310.yaml ├── OSV-2021-1370.yaml ├── OSV-2021-1381.yaml ├── OSV-2021-1518.yaml ├── OSV-2021-374.yaml ├── OSV-2021-396.yaml ├── OSV-2021-573.yaml ├── OSV-2021-618.yaml ├── OSV-2021-909.yaml ├── OSV-2022-104.yaml ├── OSV-2022-108.yaml ├── OSV-2022-111.yaml ├── OSV-2022-112.yaml ├── OSV-2022-1209.yaml ├── OSV-2022-1212.yaml ├── OSV-2022-401.yaml ├── OSV-2022-457.yaml ├── OSV-2022-613.yaml ├── OSV-2023-1272.yaml ├── OSV-2023-137.yaml ├── OSV-2023-160.yaml ├── OSV-2023-170.yaml ├── OSV-2023-222.yaml ├── OSV-2023-27.yaml ├── OSV-2023-323.yaml ├── OSV-2023-372.yaml ├── OSV-2023-376.yaml ├── OSV-2023-377.yaml ├── OSV-2023-379.yaml ├── OSV-2023-380.yaml ├── OSV-2023-458.yaml ├── OSV-2023-551.yaml ├── OSV-2023-554.yaml ├── OSV-2023-739.yaml └── OSV-2023-930.yaml ├── hdf5 ├── OSV-2023-104.yaml ├── OSV-2023-1091.yaml ├── OSV-2023-1223.yaml ├── OSV-2023-133.yaml ├── OSV-2023-216.yaml ├── OSV-2023-359.yaml ├── OSV-2023-370.yaml ├── OSV-2023-375.yaml ├── OSV-2023-381.yaml ├── OSV-2023-392.yaml ├── OSV-2023-430.yaml ├── OSV-2023-471.yaml ├── OSV-2023-722.yaml ├── OSV-2023-754.yaml ├── OSV-2023-76.yaml ├── OSV-2023-77.yaml ├── OSV-2023-79.yaml ├── OSV-2023-806.yaml ├── OSV-2023-89.yaml ├── OSV-2024-1010.yaml ├── OSV-2024-351.yaml ├── OSV-2024-370.yaml ├── OSV-2024-379.yaml ├── OSV-2024-380.yaml ├── OSV-2024-381.yaml ├── OSV-2024-387.yaml ├── OSV-2024-390.yaml ├── OSV-2024-575.yaml └── OSV-2024-772.yaml ├── hermes ├── OSV-2020-1820.yaml └── OSV-2020-893.yaml ├── hoextdown └── OSV-2020-742.yaml ├── hostap ├── OSV-2020-132.yaml ├── OSV-2020-1902.yaml ├── OSV-2020-1946.yaml ├── OSV-2020-2134.yaml └── OSV-2020-58.yaml ├── htmlunit └── OSV-2023-521.yaml ├── htslib ├── OSV-2020-1121.yaml ├── OSV-2020-1222.yaml ├── OSV-2020-1301.yaml ├── OSV-2020-1733.yaml ├── OSV-2020-955.yaml ├── OSV-2020-958.yaml ├── OSV-2020-998.yaml ├── OSV-2020-999.yaml ├── OSV-2021-220.yaml ├── OSV-2021-222.yaml ├── OSV-2021-228.yaml ├── OSV-2021-229.yaml ├── OSV-2021-231.yaml ├── OSV-2021-240.yaml ├── OSV-2021-242.yaml ├── OSV-2021-251.yaml ├── OSV-2021-258.yaml ├── OSV-2021-305.yaml ├── OSV-2023-1370.yaml ├── OSV-2023-837.yaml ├── OSV-2024-1212.yaml ├── OSV-2024-189.yaml ├── OSV-2024-20.yaml └── OSV-2024-74.yaml ├── hunspell ├── OSV-2022-1004.yaml ├── OSV-2022-1028.yaml ├── OSV-2022-1042.yaml ├── OSV-2022-1049.yaml ├── OSV-2022-1054.yaml ├── OSV-2022-1058.yaml ├── OSV-2022-1061.yaml ├── OSV-2022-1246.yaml ├── OSV-2022-1260.yaml ├── OSV-2022-864.yaml ├── OSV-2022-868.yaml ├── OSV-2022-872.yaml ├── OSV-2022-882.yaml ├── OSV-2022-883.yaml ├── OSV-2022-886.yaml ├── OSV-2022-889.yaml ├── OSV-2022-893.yaml ├── OSV-2022-899.yaml ├── OSV-2022-901.yaml ├── OSV-2022-903.yaml ├── OSV-2023-14.yaml ├── OSV-2023-156.yaml ├── OSV-2023-327.yaml ├── OSV-2023-364.yaml └── OSV-2023-508.yaml ├── icu ├── OSV-2020-418.yaml ├── OSV-2020-433.yaml ├── OSV-2020-584.yaml ├── OSV-2020-845.yaml ├── OSV-2020-866.yaml ├── OSV-2020-867.yaml ├── OSV-2021-1206.yaml ├── OSV-2021-1236.yaml ├── OSV-2022-169.yaml ├── OSV-2023-1328.yaml ├── OSV-2023-715.yaml ├── OSV-2023-849.yaml ├── OSV-2023-870.yaml ├── OSV-2023-873.yaml ├── OSV-2023-901.yaml ├── OSV-2023-905.yaml ├── OSV-2024-10.yaml ├── OSV-2024-25.yaml ├── OSV-2024-3.yaml ├── OSV-2024-521.yaml ├── OSV-2024-7.yaml └── OSV-2024-9.yaml ├── igraph ├── OSV-2021-25.yaml ├── OSV-2021-32.yaml ├── OSV-2023-1069.yaml ├── OSV-2023-1070.yaml ├── OSV-2023-1071.yaml ├── OSV-2023-1072.yaml └── OSV-2024-137.yaml ├── immer └── OSV-2020-1025.yaml ├── irssi ├── OSV-2020-299.yaml ├── OSV-2021-454.yaml ├── OSV-2021-457.yaml └── OSV-2021-664.yaml ├── jackson-core ├── OSV-2021-555.yaml ├── OSV-2021-556.yaml ├── OSV-2021-558.yaml ├── OSV-2021-559.yaml └── OSV-2021-564.yaml ├── jackson-databind ├── OSV-2022-1067.yaml ├── OSV-2022-1096.yaml ├── OSV-2022-678.yaml └── OSV-2024-245.yaml ├── jackson-dataformats-binary ├── OSV-2021-552.yaml └── OSV-2024-24.yaml ├── jackson-dataformats-text ├── OSV-2022-760.yaml └── OSV-2023-1300.yaml ├── jackson-modules-java8 └── OSV-2022-738.yaml ├── janino ├── OSV-2022-1064.yaml ├── OSV-2022-1133.yaml └── OSV-2022-963.yaml ├── janus-gateway └── OSV-2020-85.yaml ├── javaparser ├── OSV-2022-1102.yaml ├── OSV-2022-515.yaml ├── OSV-2023-1327.yaml ├── OSV-2023-483.yaml ├── OSV-2023-543.yaml ├── OSV-2023-775.yaml ├── OSV-2023-920.yaml ├── OSV-2024-138.yaml ├── OSV-2024-167.yaml ├── OSV-2024-195.yaml ├── OSV-2024-248.yaml ├── OSV-2024-490.yaml ├── OSV-2024-518.yaml ├── OSV-2024-539.yaml ├── OSV-2024-662.yaml ├── OSV-2024-675.yaml ├── OSV-2024-680.yaml ├── OSV-2024-748.yaml ├── OSV-2024-85.yaml └── OSV-2024-969.yaml ├── jbig2dec ├── OSV-2020-11.yaml ├── OSV-2020-1240.yaml ├── OSV-2020-161.yaml ├── OSV-2020-197.yaml ├── OSV-2020-77.yaml ├── OSV-2020-82.yaml ├── OSV-2020-822.yaml └── OSV-2020-95.yaml ├── jdom └── OSV-2023-522.yaml ├── jflex ├── OSV-2023-636.yaml ├── OSV-2024-567.yaml └── OSV-2024-668.yaml ├── joni └── OSV-2025-264.yaml ├── jq ├── OSV-2023-1239.yaml ├── OSV-2023-1268.yaml ├── OSV-2023-1329.yaml ├── OSV-2023-1344.yaml ├── OSV-2023-645.yaml ├── OSV-2023-663.yaml ├── OSV-2024-1312.yaml ├── OSV-2024-330.yaml ├── OSV-2024-371.yaml ├── OSV-2024-396.yaml ├── OSV-2024-440.yaml ├── OSV-2024-831.yaml ├── OSV-2024-852.yaml ├── OSV-2024-919.yaml └── OSV-2025-363.yaml ├── jsign ├── OSV-2023-1009.yaml └── OSV-2023-542.yaml ├── json-c └── OSV-2020-252.yaml ├── json ├── OSV-2017-59.yaml ├── OSV-2022-409.yaml └── OSV-2022-425.yaml ├── jsoncons ├── OSV-2021-703.yaml └── OSV-2021-821.yaml ├── jsoncpp ├── OSV-2020-146.yaml └── OSV-2020-976.yaml ├── jsonnet └── OSV-2020-587.yaml ├── jsoup ├── OSV-2021-1338.yaml ├── OSV-2021-1367.yaml ├── OSV-2021-1454.yaml └── OSV-2023-1014.yaml ├── kamailio ├── OSV-2021-1195.yaml ├── OSV-2021-1196.yaml ├── OSV-2021-1198.yaml ├── OSV-2021-1201.yaml ├── OSV-2021-1202.yaml ├── OSV-2021-1221.yaml ├── OSV-2021-1300.yaml ├── OSV-2021-1330.yaml ├── OSV-2021-1674.yaml ├── OSV-2023-813.yaml ├── OSV-2024-1200.yaml ├── OSV-2024-1206.yaml ├── OSV-2024-1210.yaml ├── OSV-2024-1230.yaml ├── OSV-2024-1244.yaml ├── OSV-2024-1249.yaml ├── OSV-2024-1424.yaml └── OSV-2024-1427.yaml ├── karchive ├── OSV-2022-1174.yaml └── OSV-2025-258.yaml ├── kcodecs ├── OSV-2020-1051.yaml └── OSV-2020-1185.yaml ├── keycloak └── OSV-2024-1161.yaml ├── keystone ├── OSV-2020-1506.yaml ├── OSV-2020-789.yaml ├── OSV-2020-797.yaml ├── OSV-2020-827.yaml ├── OSV-2020-853.yaml ├── OSV-2021-365.yaml └── OSV-2021-398.yaml ├── kimageformats ├── OSV-2020-2086.yaml ├── OSV-2020-868.yaml ├── OSV-2020-876.yaml ├── OSV-2020-889.yaml ├── OSV-2021-1475.yaml ├── OSV-2021-451.yaml ├── OSV-2021-458.yaml ├── OSV-2021-459.yaml ├── OSV-2021-460.yaml ├── OSV-2021-467.yaml ├── OSV-2021-500.yaml ├── OSV-2021-525.yaml ├── OSV-2021-586.yaml ├── OSV-2021-695.yaml ├── OSV-2021-735.yaml ├── OSV-2021-948.yaml ├── OSV-2021-972.yaml ├── OSV-2022-1003.yaml ├── OSV-2022-1018.yaml ├── OSV-2022-1104.yaml ├── OSV-2022-1122.yaml ├── OSV-2022-1141.yaml ├── OSV-2022-1262.yaml ├── OSV-2022-1292.yaml ├── OSV-2022-319.yaml ├── OSV-2022-644.yaml ├── OSV-2022-934.yaml ├── OSV-2023-257.yaml ├── OSV-2023-55.yaml ├── OSV-2023-709.yaml ├── OSV-2023-769.yaml ├── OSV-2023-797.yaml ├── OSV-2023-800.yaml ├── OSV-2024-679.yaml └── OSV-2025-256.yaml ├── krb5 └── OSV-2024-1293.yaml ├── kryo ├── OSV-2021-795.yaml └── OSV-2021-812.yaml ├── lcms ├── OSV-2017-154.yaml ├── OSV-2021-1680.yaml ├── OSV-2022-615.yaml ├── OSV-2022-618.yaml ├── OSV-2022-625.yaml ├── OSV-2022-626.yaml ├── OSV-2022-627.yaml ├── OSV-2022-629.yaml ├── OSV-2022-635.yaml ├── OSV-2022-638.yaml ├── OSV-2022-639.yaml ├── OSV-2022-642.yaml ├── OSV-2022-647.yaml ├── OSV-2022-648.yaml ├── OSV-2022-711.yaml ├── OSV-2022-798.yaml ├── OSV-2022-804.yaml ├── OSV-2022-815.yaml ├── OSV-2022-843.yaml ├── OSV-2022-874.yaml ├── OSV-2022-955.yaml ├── OSV-2022-964.yaml ├── OSV-2023-1117.yaml ├── OSV-2023-1124.yaml ├── OSV-2023-1164.yaml ├── OSV-2024-267.yaml └── OSV-2024-655.yaml ├── leptonica ├── OSV-2020-1.yaml ├── OSV-2020-1167.yaml ├── OSV-2020-1176.yaml ├── OSV-2020-1253.yaml ├── OSV-2020-131.yaml ├── OSV-2020-134.yaml ├── OSV-2020-141.yaml ├── OSV-2020-2018.yaml ├── OSV-2020-2024.yaml ├── OSV-2020-2128.yaml ├── OSV-2020-254.yaml ├── OSV-2020-288.yaml ├── OSV-2020-76.yaml ├── OSV-2020-8.yaml ├── OSV-2020-903.yaml ├── OSV-2021-223.yaml ├── OSV-2022-69.yaml └── OSV-2022-91.yaml ├── libaom ├── OSV-2018-192.yaml ├── OSV-2018-57.yaml ├── OSV-2018-59.yaml ├── OSV-2020-319.yaml ├── OSV-2020-324.yaml ├── OSV-2021-670.yaml ├── OSV-2021-671.yaml ├── OSV-2022-179.yaml ├── OSV-2022-180.yaml ├── OSV-2022-663.yaml ├── OSV-2024-149.yaml ├── OSV-2024-151.yaml ├── OSV-2024-153.yaml └── OSV-2024-517.yaml ├── libarchive ├── OSV-2018-125.yaml ├── OSV-2018-130.yaml ├── OSV-2018-160.yaml ├── OSV-2018-68.yaml ├── OSV-2020-2324.yaml ├── OSV-2020-238.yaml ├── OSV-2020-273.yaml ├── OSV-2020-32.yaml ├── OSV-2020-372.yaml ├── OSV-2020-461.yaml ├── OSV-2020-483.yaml ├── OSV-2020-487.yaml ├── OSV-2020-506.yaml ├── OSV-2020-543.yaml ├── OSV-2020-628.yaml ├── OSV-2021-12.yaml ├── OSV-2021-557.yaml ├── OSV-2022-1193.yaml ├── OSV-2022-13.yaml ├── OSV-2022-142.yaml ├── OSV-2022-299.yaml └── OSV-2022-676.yaml ├── libass ├── OSV-2020-2099.yaml └── OSV-2021-442.yaml ├── libavc ├── OSV-2020-1030.yaml ├── OSV-2020-1153.yaml ├── OSV-2020-1242.yaml ├── OSV-2020-2188.yaml ├── OSV-2020-2212.yaml ├── OSV-2020-278.yaml ├── OSV-2020-370.yaml ├── OSV-2020-546.yaml ├── OSV-2021-1235.yaml ├── OSV-2021-1237.yaml ├── OSV-2021-1559.yaml ├── OSV-2021-380.yaml ├── OSV-2021-504.yaml ├── OSV-2021-631.yaml ├── OSV-2023-117.yaml ├── OSV-2023-1180.yaml ├── OSV-2023-1205.yaml ├── OSV-2023-1206.yaml ├── OSV-2023-1207.yaml ├── OSV-2023-1208.yaml ├── OSV-2023-1294.yaml ├── OSV-2023-1305.yaml ├── OSV-2023-1311.yaml ├── OSV-2023-1312.yaml ├── OSV-2023-1313.yaml ├── OSV-2023-1322.yaml ├── OSV-2023-1378.yaml ├── OSV-2023-159.yaml ├── OSV-2023-333.yaml ├── OSV-2023-342.yaml ├── OSV-2023-453.yaml ├── OSV-2023-48.yaml ├── OSV-2023-68.yaml ├── OSV-2023-75.yaml ├── OSV-2023-840.yaml ├── OSV-2023-86.yaml ├── OSV-2023-948.yaml ├── OSV-2023-95.yaml ├── OSV-2023-97.yaml ├── OSV-2024-1124.yaml ├── OSV-2024-456.yaml ├── OSV-2024-637.yaml └── OSV-2024-638.yaml ├── libavif ├── OSV-2020-1066.yaml ├── OSV-2020-1597.yaml ├── OSV-2020-1833.yaml ├── OSV-2020-1840.yaml ├── OSV-2020-1841.yaml ├── OSV-2024-36.yaml ├── OSV-2024-404.yaml ├── OSV-2024-72.yaml ├── OSV-2025-1.yaml ├── OSV-2025-3.yaml └── OSV-2025-4.yaml ├── libbpf ├── OSV-2021-1489.yaml ├── OSV-2021-1562.yaml ├── OSV-2021-1576.yaml ├── OSV-2023-1307.yaml └── OSV-2023-877.yaml ├── libcbor ├── OSV-2020-105.yaml └── OSV-2020-88.yaml ├── libcoap ├── OSV-2020-2080.yaml ├── OSV-2021-450.yaml ├── OSV-2022-133.yaml ├── OSV-2022-150.yaml └── OSV-2022-508.yaml ├── libdwarf ├── OSV-2022-389.yaml ├── OSV-2023-240.yaml ├── OSV-2023-246.yaml ├── OSV-2023-248.yaml ├── OSV-2023-286.yaml ├── OSV-2023-501.yaml ├── OSV-2023-890.yaml ├── OSV-2023-940.yaml ├── OSV-2023-959.yaml └── OSV-2023-977.yaml ├── libecc ├── OSV-2021-757.yaml └── OSV-2023-1115.yaml ├── libexif ├── OSV-2020-1021.yaml ├── OSV-2020-1274.yaml ├── OSV-2021-1128.yaml ├── OSV-2021-1134.yaml ├── OSV-2021-1138.yaml ├── OSV-2021-1142.yaml ├── OSV-2021-1152.yaml ├── OSV-2021-1168.yaml ├── OSV-2021-1169.yaml ├── OSV-2021-1170.yaml ├── OSV-2021-1521.yaml ├── OSV-2021-1527.yaml └── OSV-2022-368.yaml ├── libfmt ├── OSV-2020-1835.yaml ├── OSV-2020-1850.yaml └── OSV-2020-1851.yaml ├── libgit2 ├── OSV-2018-104.yaml ├── OSV-2018-177.yaml ├── OSV-2018-2.yaml ├── OSV-2018-202.yaml ├── OSV-2018-3.yaml ├── OSV-2018-58.yaml ├── OSV-2018-99.yaml ├── OSV-2020-313.yaml ├── OSV-2020-423.yaml ├── OSV-2023-56.yaml └── OSV-2023-80.yaml ├── libheif ├── OSV-2020-1138.yaml ├── OSV-2020-1141.yaml ├── OSV-2020-1192.yaml ├── OSV-2020-1226.yaml ├── OSV-2020-1246.yaml ├── OSV-2020-1260.yaml ├── OSV-2020-1570.yaml ├── OSV-2020-1676.yaml ├── OSV-2020-213.yaml ├── OSV-2020-2308.yaml ├── OSV-2021-1395.yaml ├── OSV-2021-594.yaml ├── OSV-2023-1129.yaml ├── OSV-2023-330.yaml ├── OSV-2023-332.yaml └── OSV-2023-736.yaml ├── libhevc ├── OSV-2020-1005.yaml ├── OSV-2020-1008.yaml ├── OSV-2020-1010.yaml ├── OSV-2020-1062.yaml ├── OSV-2020-1137.yaml ├── OSV-2020-1145.yaml ├── OSV-2020-1211.yaml ├── OSV-2020-1216.yaml ├── OSV-2020-1234.yaml ├── OSV-2020-1285.yaml ├── OSV-2020-1300.yaml ├── OSV-2020-1326.yaml ├── OSV-2020-257.yaml ├── OSV-2020-294.yaml ├── OSV-2020-364.yaml ├── OSV-2020-398.yaml ├── OSV-2020-425.yaml ├── OSV-2020-564.yaml ├── OSV-2020-585.yaml ├── OSV-2020-631.yaml ├── OSV-2020-674.yaml ├── OSV-2020-699.yaml ├── OSV-2020-792.yaml ├── OSV-2020-942.yaml ├── OSV-2023-234.yaml ├── OSV-2023-235.yaml └── OSV-2023-239.yaml ├── libhtp ├── OSV-2020-355.yaml ├── OSV-2020-381.yaml ├── OSV-2020-466.yaml ├── OSV-2020-673.yaml └── OSV-2021-159.yaml ├── libical ├── OSV-2020-513.yaml ├── OSV-2020-559.yaml ├── OSV-2020-688.yaml ├── OSV-2022-476.yaml ├── OSV-2024-548.yaml └── OSV-2025-52.yaml ├── libidn2 ├── OSV-2020-417.yaml └── OSV-2020-480.yaml ├── libigl └── OSV-2022-360.yaml ├── libjpeg-turbo ├── OSV-2020-2192.yaml ├── OSV-2021-609.yaml ├── OSV-2021-654.yaml ├── OSV-2023-546.yaml ├── OSV-2024-1159.yaml └── OSV-2024-1310.yaml ├── libjxl ├── OSV-2021-1011.yaml ├── OSV-2021-1049.yaml ├── OSV-2021-1052.yaml ├── OSV-2021-1054.yaml ├── OSV-2021-1496.yaml ├── OSV-2021-1510.yaml ├── OSV-2021-1606.yaml ├── OSV-2021-1607.yaml ├── OSV-2021-1644.yaml ├── OSV-2021-1748.yaml ├── OSV-2021-853.yaml ├── OSV-2021-858.yaml ├── OSV-2021-861.yaml ├── OSV-2021-871.yaml ├── OSV-2021-916.yaml ├── OSV-2022-265.yaml ├── OSV-2022-296.yaml ├── OSV-2022-367.yaml ├── OSV-2022-480.yaml ├── OSV-2022-492.yaml ├── OSV-2022-580.yaml ├── OSV-2022-608.yaml ├── OSV-2022-725.yaml ├── OSV-2022-836.yaml └── OSV-2024-6.yaml ├── liblouis ├── OSV-2023-405.yaml ├── OSV-2023-599.yaml └── OSV-2023-952.yaml ├── libmpeg2 ├── OSV-2020-1081.yaml ├── OSV-2020-1142.yaml ├── OSV-2020-1161.yaml ├── OSV-2020-1180.yaml ├── OSV-2020-1299.yaml └── OSV-2020-934.yaml ├── libpcap ├── OSV-2020-1231.yaml ├── OSV-2020-407.yaml ├── OSV-2020-810.yaml ├── OSV-2022-551.yaml ├── OSV-2024-395.yaml └── OSV-2024-817.yaml ├── libplist ├── OSV-2022-105.yaml ├── OSV-2022-109.yaml ├── OSV-2022-115.yaml ├── OSV-2022-116.yaml ├── OSV-2022-147.yaml ├── OSV-2022-158.yaml ├── OSV-2022-93.yaml ├── OSV-2023-11.yaml └── OSV-2023-6.yaml ├── libpng ├── OSV-2017-41.yaml └── OSV-2017-67.yaml ├── libpsl ├── OSV-2017-53.yaml └── OSV-2017-83.yaml ├── libraw ├── OSV-2020-1362.yaml ├── OSV-2020-1417.yaml ├── OSV-2020-1519.yaml ├── OSV-2021-1108.yaml ├── OSV-2021-282.yaml ├── OSV-2021-427.yaml ├── OSV-2022-1060.yaml ├── OSV-2022-1078.yaml ├── OSV-2022-1093.yaml ├── OSV-2022-1107.yaml ├── OSV-2022-1159.yaml ├── OSV-2022-819.yaml ├── OSV-2023-1295.yaml ├── OSV-2023-184.yaml └── OSV-2023-90.yaml ├── librawspeed ├── OSV-2017-116.yaml ├── OSV-2017-73.yaml ├── OSV-2017-97.yaml ├── OSV-2018-175.yaml ├── OSV-2018-19.yaml ├── OSV-2018-227.yaml ├── OSV-2018-231.yaml ├── OSV-2020-290.yaml ├── OSV-2021-144.yaml ├── OSV-2022-1128.yaml ├── OSV-2022-1199.yaml ├── OSV-2023-1356.yaml └── OSV-2023-756.yaml ├── libredwg ├── OSV-2021-1086.yaml ├── OSV-2021-1343.yaml ├── OSV-2021-493.yaml ├── OSV-2021-495.yaml ├── OSV-2021-535.yaml ├── OSV-2021-543.yaml ├── OSV-2021-577.yaml ├── OSV-2021-620.yaml ├── OSV-2021-771.yaml ├── OSV-2021-814.yaml ├── OSV-2022-1176.yaml ├── OSV-2022-1180.yaml ├── OSV-2022-1198.yaml ├── OSV-2022-1211.yaml ├── OSV-2022-1251.yaml ├── OSV-2022-1252.yaml ├── OSV-2022-1259.yaml ├── OSV-2022-128.yaml ├── OSV-2022-129.yaml ├── OSV-2022-363.yaml ├── OSV-2022-372.yaml ├── OSV-2022-377.yaml ├── OSV-2022-379.yaml ├── OSV-2022-387.yaml ├── OSV-2022-388.yaml ├── OSV-2022-398.yaml ├── OSV-2022-400.yaml ├── OSV-2022-403.yaml ├── OSV-2022-653.yaml ├── OSV-2022-654.yaml ├── OSV-2022-656.yaml ├── OSV-2022-657.yaml ├── OSV-2022-664.yaml ├── OSV-2022-714.yaml ├── OSV-2023-1048.yaml ├── OSV-2023-1051.yaml ├── OSV-2023-1063.yaml ├── OSV-2023-1099.yaml ├── OSV-2023-1101.yaml ├── OSV-2023-1104.yaml ├── OSV-2023-1110.yaml ├── OSV-2023-1122.yaml ├── OSV-2023-1149.yaml ├── OSV-2023-1186.yaml ├── OSV-2023-1267.yaml ├── OSV-2023-135.yaml ├── OSV-2023-269.yaml ├── OSV-2023-270.yaml ├── OSV-2023-271.yaml ├── OSV-2023-284.yaml ├── OSV-2023-307.yaml ├── OSV-2023-314.yaml ├── OSV-2023-316.yaml ├── OSV-2023-397.yaml ├── OSV-2023-412.yaml ├── OSV-2023-415.yaml ├── OSV-2023-416.yaml ├── OSV-2023-42.yaml ├── OSV-2023-440.yaml ├── OSV-2023-452.yaml ├── OSV-2023-455.yaml ├── OSV-2023-46.yaml ├── OSV-2023-634.yaml ├── OSV-2023-717.yaml ├── OSV-2023-748.yaml ├── OSV-2023-758.yaml ├── OSV-2023-777.yaml ├── OSV-2023-811.yaml ├── OSV-2023-850.yaml ├── OSV-2023-855.yaml ├── OSV-2023-874.yaml ├── OSV-2023-894.yaml ├── OSV-2023-965.yaml ├── OSV-2023-997.yaml ├── OSV-2024-123.yaml ├── OSV-2024-1375.yaml ├── OSV-2024-38.yaml ├── OSV-2024-384.yaml ├── OSV-2024-42.yaml ├── OSV-2025-165.yaml └── OSV-2025-324.yaml ├── libressl ├── OSV-2020-1136.yaml ├── OSV-2020-1148.yaml ├── OSV-2020-1150.yaml ├── OSV-2020-1245.yaml ├── OSV-2020-1272.yaml ├── OSV-2020-1923.yaml ├── OSV-2020-1965.yaml ├── OSV-2020-514.yaml ├── OSV-2022-698.yaml └── OSV-2022-810.yaml ├── libsass ├── OSV-2020-1420.yaml ├── OSV-2020-250.yaml ├── OSV-2020-348.yaml ├── OSV-2020-604.yaml ├── OSV-2020-612.yaml ├── OSV-2020-734.yaml ├── OSV-2020-862.yaml ├── OSV-2021-508.yaml └── OSV-2022-896.yaml ├── libspdm └── OSV-2024-221.yaml ├── libspectre ├── OSV-2020-1173.yaml ├── OSV-2020-1175.yaml ├── OSV-2020-1221.yaml ├── OSV-2020-1273.yaml └── OSV-2020-941.yaml ├── libspng ├── OSV-2020-114.yaml ├── OSV-2020-200.yaml ├── OSV-2020-227.yaml ├── OSV-2020-307.yaml ├── OSV-2020-344.yaml ├── OSV-2020-351.yaml ├── OSV-2020-360.yaml ├── OSV-2020-448.yaml ├── OSV-2020-701.yaml ├── OSV-2020-756.yaml └── OSV-2020-79.yaml ├── libsrtp └── OSV-2021-1224.yaml ├── libssh └── OSV-2021-892.yaml ├── libssh2 ├── OSV-2022-24.yaml ├── OSV-2023-1343.yaml ├── OSV-2023-343.yaml ├── OSV-2024-847.yaml ├── OSV-2024-859.yaml ├── OSV-2024-985.yaml ├── OSV-2025-90.yaml └── OSV-2025-92.yaml ├── libtiff ├── OSV-2020-1232.yaml └── OSV-2020-1306.yaml ├── libtpms ├── OSV-2021-1048.yaml └── OSV-2021-975.yaml ├── libtsm ├── OSV-2016-4.yaml ├── OSV-2016-5.yaml ├── OSV-2017-121.yaml ├── OSV-2017-126.yaml ├── OSV-2017-157.yaml ├── OSV-2017-161.yaml ├── OSV-2017-167.yaml ├── OSV-2020-1448.yaml ├── OSV-2021-1373.yaml ├── OSV-2021-289.yaml └── OSV-2024-777.yaml ├── libucl ├── OSV-2021-1184.yaml ├── OSV-2021-1261.yaml ├── OSV-2022-494.yaml ├── OSV-2023-321.yaml ├── OSV-2023-78.yaml ├── OSV-2023-819.yaml └── OSV-2024-22.yaml ├── libultrahdr ├── OSV-2024-1145.yaml ├── OSV-2024-1149.yaml ├── OSV-2024-1158.yaml ├── OSV-2024-1164.yaml ├── OSV-2024-1239.yaml ├── OSV-2024-476.yaml ├── OSV-2024-477.yaml ├── OSV-2024-504.yaml └── OSV-2024-602.yaml ├── libvips ├── OSV-2020-102.yaml ├── OSV-2020-1356.yaml ├── OSV-2020-73.yaml ├── OSV-2020-993.yaml ├── OSV-2021-1055.yaml ├── OSV-2021-1139.yaml ├── OSV-2021-1597.yaml ├── OSV-2021-1604.yaml ├── OSV-2021-1615.yaml ├── OSV-2021-600.yaml ├── OSV-2021-786.yaml ├── OSV-2022-226.yaml ├── OSV-2022-264.yaml ├── OSV-2022-302.yaml ├── OSV-2022-303.yaml ├── OSV-2022-304.yaml ├── OSV-2022-305.yaml ├── OSV-2022-308.yaml ├── OSV-2022-309.yaml ├── OSV-2022-310.yaml ├── OSV-2022-311.yaml ├── OSV-2022-314.yaml ├── OSV-2022-315.yaml ├── OSV-2022-317.yaml ├── OSV-2022-318.yaml ├── OSV-2022-323.yaml ├── OSV-2022-371.yaml ├── OSV-2022-493.yaml ├── OSV-2023-328.yaml ├── OSV-2024-1406.yaml ├── OSV-2025-131.yaml └── OSV-2025-6.yaml ├── libvpx ├── OSV-2020-1035.yaml ├── OSV-2022-529.yaml ├── OSV-2022-533.yaml ├── OSV-2022-543.yaml └── OSV-2024-471.yaml ├── libwebp ├── OSV-2021-1015.yaml ├── OSV-2021-900.yaml └── OSV-2024-1356.yaml ├── libxaac ├── OSV-2023-1012.yaml ├── OSV-2023-1179.yaml ├── OSV-2023-1231.yaml ├── OSV-2023-839.yaml └── OSV-2024-180.yaml ├── libxls └── OSV-2020-1000.yaml ├── libxml2 ├── OSV-2020-1623.yaml ├── OSV-2020-1667.yaml ├── OSV-2020-1726.yaml ├── OSV-2020-1885.yaml ├── OSV-2020-215.yaml ├── OSV-2020-755.yaml ├── OSV-2020-89.yaml ├── OSV-2020-908.yaml ├── OSV-2021-777.yaml ├── OSV-2022-1071.yaml ├── OSV-2022-1120.yaml ├── OSV-2023-1000.yaml ├── OSV-2023-1301.yaml ├── OSV-2023-1303.yaml ├── OSV-2023-1315.yaml ├── OSV-2023-1365.yaml ├── OSV-2023-1373.yaml ├── OSV-2023-162.yaml ├── OSV-2023-174.yaml ├── OSV-2023-185.yaml ├── OSV-2023-188.yaml ├── OSV-2023-191.yaml ├── OSV-2023-193.yaml ├── OSV-2023-195.yaml ├── OSV-2023-196.yaml ├── OSV-2023-199.yaml ├── OSV-2023-204.yaml ├── OSV-2023-206.yaml ├── OSV-2023-211.yaml ├── OSV-2023-212.yaml ├── OSV-2023-213.yaml ├── OSV-2023-215.yaml ├── OSV-2023-249.yaml ├── OSV-2023-474.yaml ├── OSV-2023-477.yaml ├── OSV-2023-61.yaml ├── OSV-2023-684.yaml ├── OSV-2023-953.yaml ├── OSV-2023-969.yaml ├── OSV-2023-988.yaml ├── OSV-2023-990.yaml ├── OSV-2023-999.yaml ├── OSV-2024-103.yaml ├── OSV-2024-1209.yaml ├── OSV-2024-193.yaml ├── OSV-2024-194.yaml ├── OSV-2024-198.yaml ├── OSV-2024-217.yaml ├── OSV-2024-634.yaml ├── OSV-2024-698.yaml ├── OSV-2024-77.yaml ├── OSV-2024-81.yaml ├── OSV-2024-82.yaml └── OSV-2025-74.yaml ├── libxslt ├── OSV-2020-1056.yaml ├── OSV-2020-1065.yaml ├── OSV-2020-1078.yaml ├── OSV-2020-1130.yaml ├── OSV-2020-1154.yaml ├── OSV-2020-1210.yaml ├── OSV-2020-1332.yaml ├── OSV-2020-705.yaml ├── OSV-2020-730.yaml ├── OSV-2023-181.yaml ├── OSV-2023-242.yaml └── OSV-2023-265.yaml ├── libyal ├── OSV-2021-725.yaml └── OSV-2021-729.yaml ├── libyaml └── OSV-2020-1611.yaml ├── libzip └── OSV-2023-31.yaml ├── libzmq ├── OSV-2020-1655.yaml ├── OSV-2020-1887.yaml ├── OSV-2020-784.yaml ├── OSV-2020-910.yaml └── OSV-2022-478.yaml ├── llamacpp ├── OSV-2024-1053.yaml ├── OSV-2024-1090.yaml ├── OSV-2024-1253.yaml └── OSV-2024-1266.yaml ├── lua ├── OSV-2021-1171.yaml ├── OSV-2021-1173.yaml ├── OSV-2021-205.yaml ├── OSV-2021-447.yaml ├── OSV-2021-512.yaml └── OSV-2021-542.yaml ├── lucene ├── OSV-2023-408.yaml ├── OSV-2023-610.yaml ├── OSV-2023-627.yaml ├── OSV-2023-696.yaml ├── OSV-2023-705.yaml ├── OSV-2023-743.yaml ├── OSV-2023-793.yaml ├── OSV-2023-883.yaml ├── OSV-2023-971.yaml ├── OSV-2024-1191.yaml └── OSV-2024-1254.yaml ├── lwan ├── OSV-2020-1165.yaml ├── OSV-2020-279.yaml ├── OSV-2020-322.yaml ├── OSV-2020-335.yaml ├── OSV-2020-337.yaml ├── OSV-2020-341.yaml ├── OSV-2020-373.yaml ├── OSV-2020-394.yaml ├── OSV-2020-406.yaml ├── OSV-2020-410.yaml ├── OSV-2020-431.yaml ├── OSV-2020-462.yaml ├── OSV-2020-504.yaml ├── OSV-2020-605.yaml ├── OSV-2020-632.yaml ├── OSV-2020-665.yaml ├── OSV-2020-668.yaml ├── OSV-2020-685.yaml ├── OSV-2022-320.yaml └── OSV-2024-714.yaml ├── lxc └── OSV-2021-679.yaml ├── lz4 ├── OSV-2020-624.yaml ├── OSV-2022-549.yaml ├── OSV-2022-563.yaml └── OSV-2022-571.yaml ├── mapserver ├── OSV-2022-1013.yaml ├── OSV-2022-1015.yaml ├── OSV-2022-1026.yaml ├── OSV-2022-1041.yaml └── OSV-2022-1052.yaml ├── matio ├── OSV-2020-1209.yaml ├── OSV-2020-1489.yaml ├── OSV-2020-2138.yaml ├── OSV-2020-2168.yaml ├── OSV-2020-2300.yaml ├── OSV-2020-2301.yaml ├── OSV-2020-427.yaml ├── OSV-2020-491.yaml ├── OSV-2020-526.yaml ├── OSV-2020-727.yaml ├── OSV-2020-782.yaml ├── OSV-2020-786.yaml ├── OSV-2020-796.yaml ├── OSV-2020-799.yaml ├── OSV-2020-805.yaml ├── OSV-2020-813.yaml ├── OSV-2020-835.yaml ├── OSV-2020-836.yaml ├── OSV-2020-842.yaml ├── OSV-2020-851.yaml ├── OSV-2020-852.yaml ├── OSV-2020-857.yaml ├── OSV-2020-858.yaml ├── OSV-2020-859.yaml ├── OSV-2020-864.yaml ├── OSV-2020-871.yaml ├── OSV-2020-877.yaml ├── OSV-2021-1150.yaml ├── OSV-2021-1166.yaml ├── OSV-2021-1197.yaml ├── OSV-2021-1262.yaml ├── OSV-2021-141.yaml ├── OSV-2021-145.yaml ├── OSV-2021-1580.yaml ├── OSV-2021-162.yaml ├── OSV-2021-169.yaml ├── OSV-2021-175.yaml ├── OSV-2021-184.yaml ├── OSV-2021-218.yaml ├── OSV-2021-219.yaml ├── OSV-2021-278.yaml ├── OSV-2021-363.yaml ├── OSV-2021-367.yaml ├── OSV-2021-440.yaml ├── OSV-2021-60.yaml ├── OSV-2021-64.yaml ├── OSV-2021-789.yaml ├── OSV-2023-1050.yaml ├── OSV-2023-1062.yaml ├── OSV-2023-1073.yaml ├── OSV-2023-1140.yaml ├── OSV-2023-1256.yaml ├── OSV-2023-723.yaml ├── OSV-2024-163.yaml ├── OSV-2024-223.yaml ├── OSV-2024-239.yaml ├── OSV-2024-265.yaml ├── OSV-2024-274.yaml ├── OSV-2024-333.yaml └── OSV-2024-793.yaml ├── mbedtls └── OSV-2022-1223.yaml ├── md4c ├── OSV-2022-126.yaml ├── OSV-2022-40.yaml └── OSV-2022-42.yaml ├── mdbtools ├── OSV-2021-1003.yaml └── OSV-2021-958.yaml ├── miniz ├── OSV-2020-2103.yaml ├── OSV-2020-2151.yaml ├── OSV-2024-550.yaml └── OSV-2024-551.yaml ├── mongoose ├── OSV-2022-1136.yaml ├── OSV-2022-1151.yaml ├── OSV-2022-937.yaml ├── OSV-2022-953.yaml ├── OSV-2023-345.yaml ├── OSV-2023-867.yaml ├── OSV-2023-896.yaml └── OSV-2023-980.yaml ├── mosquitto ├── OSV-2023-177.yaml ├── OSV-2023-326.yaml ├── OSV-2023-460.yaml ├── OSV-2023-66.yaml ├── OSV-2023-67.yaml └── OSV-2024-314.yaml ├── mrab-regex └── OSV-2023-885.yaml ├── mruby ├── OSV-2020-1092.yaml ├── OSV-2020-14.yaml ├── OSV-2020-2081.yaml ├── OSV-2020-253.yaml ├── OSV-2020-323.yaml ├── OSV-2020-447.yaml ├── OSV-2020-562.yaml ├── OSV-2020-739.yaml ├── OSV-2020-744.yaml ├── OSV-2021-1045.yaml ├── OSV-2021-1109.yaml ├── OSV-2021-1213.yaml ├── OSV-2021-1218.yaml ├── OSV-2021-1340.yaml ├── OSV-2021-1448.yaml ├── OSV-2021-1452.yaml ├── OSV-2021-1453.yaml ├── OSV-2021-1455.yaml ├── OSV-2021-392.yaml ├── OSV-2021-794.yaml ├── OSV-2021-799.yaml ├── OSV-2021-849.yaml ├── OSV-2021-912.yaml ├── OSV-2021-913.yaml ├── OSV-2021-914.yaml ├── OSV-2022-1160.yaml ├── OSV-2022-1161.yaml ├── OSV-2022-1163.yaml ├── OSV-2022-393.yaml ├── OSV-2022-550.yaml ├── OSV-2022-556.yaml ├── OSV-2022-562.yaml ├── OSV-2022-578.yaml ├── OSV-2022-599.yaml ├── OSV-2022-600.yaml ├── OSV-2022-601.yaml ├── OSV-2022-603.yaml ├── OSV-2022-605.yaml ├── OSV-2022-606.yaml ├── OSV-2022-619.yaml ├── OSV-2022-621.yaml ├── OSV-2022-622.yaml ├── OSV-2022-628.yaml ├── OSV-2022-632.yaml ├── OSV-2022-637.yaml ├── OSV-2022-652.yaml ├── OSV-2022-665.yaml ├── OSV-2022-672.yaml ├── OSV-2022-679.yaml ├── OSV-2023-118.yaml ├── OSV-2023-151.yaml ├── OSV-2023-176.yaml ├── OSV-2023-178.yaml ├── OSV-2023-180.yaml ├── OSV-2023-183.yaml ├── OSV-2023-192.yaml ├── OSV-2023-200.yaml ├── OSV-2023-252.yaml ├── OSV-2023-280.yaml ├── OSV-2023-282.yaml ├── OSV-2023-366.yaml ├── OSV-2023-384.yaml ├── OSV-2023-499.yaml ├── OSV-2023-881.yaml ├── OSV-2023-937.yaml ├── OSV-2024-102.yaml ├── OSV-2024-104.yaml ├── OSV-2024-1128.yaml ├── OSV-2024-1175.yaml ├── OSV-2024-1282.yaml ├── OSV-2024-1411.yaml ├── OSV-2024-29.yaml ├── OSV-2024-30.yaml ├── OSV-2024-65.yaml ├── OSV-2024-66.yaml └── OSV-2024-96.yaml ├── muparser ├── OSV-2020-1009.yaml ├── OSV-2020-1093.yaml ├── OSV-2020-1156.yaml ├── OSV-2020-1330.yaml └── OSV-2020-1349.yaml ├── mupdf ├── OSV-2018-233.yaml ├── OSV-2018-237.yaml ├── OSV-2018-245.yaml ├── OSV-2018-247.yaml ├── OSV-2018-252.yaml ├── OSV-2018-255.yaml ├── OSV-2018-256.yaml ├── OSV-2018-274.yaml ├── OSV-2018-279.yaml ├── OSV-2018-284.yaml ├── OSV-2018-288.yaml ├── OSV-2018-291.yaml ├── OSV-2018-293.yaml ├── OSV-2018-300.yaml ├── OSV-2018-301.yaml ├── OSV-2018-310.yaml ├── OSV-2018-332.yaml ├── OSV-2018-347.yaml ├── OSV-2018-358.yaml ├── OSV-2018-362.yaml ├── OSV-2018-367.yaml ├── OSV-2018-368.yaml ├── OSV-2018-384.yaml ├── OSV-2018-388.yaml ├── OSV-2018-408.yaml ├── OSV-2018-413.yaml ├── OSV-2018-414.yaml ├── OSV-2018-422.yaml ├── OSV-2018-426.yaml ├── OSV-2018-428.yaml ├── OSV-2018-441.yaml ├── OSV-2018-446.yaml ├── OSV-2018-448.yaml ├── OSV-2018-451.yaml ├── OSV-2018-454.yaml ├── OSV-2018-459.yaml └── OSV-2021-212.yaml ├── myanmar-tools └── OSV-2023-302.yaml ├── mysql-server └── OSV-2020-1928.yaml ├── nanopb ├── OSV-2020-1564.yaml ├── OSV-2020-1565.yaml └── OSV-2020-1567.yaml ├── ndpi ├── OSV-2020-10.yaml ├── OSV-2020-1011.yaml ├── OSV-2020-1013.yaml ├── OSV-2020-1015.yaml ├── OSV-2020-1019.yaml ├── OSV-2020-1074.yaml ├── OSV-2020-1075.yaml ├── OSV-2020-1082.yaml ├── OSV-2020-1112.yaml ├── OSV-2020-1114.yaml ├── OSV-2020-1131.yaml ├── OSV-2020-1133.yaml ├── OSV-2020-1187.yaml ├── OSV-2020-1194.yaml ├── OSV-2020-12.yaml ├── OSV-2020-122.yaml ├── OSV-2020-1233.yaml ├── OSV-2020-1263.yaml ├── OSV-2020-1294.yaml ├── OSV-2020-1314.yaml ├── OSV-2020-136.yaml ├── OSV-2020-142.yaml ├── OSV-2020-154.yaml ├── OSV-2020-1566.yaml ├── OSV-2020-166.yaml ├── OSV-2020-171.yaml ├── OSV-2020-1715.yaml ├── OSV-2020-1717.yaml ├── OSV-2020-1729.yaml ├── OSV-2020-177.yaml ├── OSV-2020-178.yaml ├── OSV-2020-179.yaml ├── OSV-2020-18.yaml ├── OSV-2020-181.yaml ├── OSV-2020-1827.yaml ├── OSV-2020-185.yaml ├── OSV-2020-1884.yaml ├── OSV-2020-194.yaml ├── OSV-2020-2126.yaml ├── OSV-2020-2206.yaml ├── OSV-2020-2298.yaml ├── OSV-2020-236.yaml ├── OSV-2020-242.yaml ├── OSV-2020-245.yaml ├── OSV-2020-28.yaml ├── OSV-2020-342.yaml ├── OSV-2020-39.yaml ├── OSV-2020-4.yaml ├── OSV-2020-40.yaml ├── OSV-2020-49.yaml ├── OSV-2020-59.yaml ├── OSV-2020-60.yaml ├── OSV-2020-67.yaml ├── OSV-2020-70.yaml ├── OSV-2020-71.yaml ├── OSV-2020-747.yaml ├── OSV-2020-774.yaml ├── OSV-2020-78.yaml ├── OSV-2020-780.yaml ├── OSV-2020-795.yaml ├── OSV-2020-806.yaml ├── OSV-2020-812.yaml ├── OSV-2020-821.yaml ├── OSV-2020-829.yaml ├── OSV-2020-875.yaml ├── OSV-2020-912.yaml ├── OSV-2020-918.yaml ├── OSV-2020-919.yaml ├── OSV-2020-92.yaml ├── OSV-2020-922.yaml ├── OSV-2020-956.yaml ├── OSV-2020-962.yaml ├── OSV-2020-972.yaml ├── OSV-2020-992.yaml ├── OSV-2020-994.yaml ├── OSV-2021-1476.yaml ├── OSV-2021-1804.yaml ├── OSV-2021-1805.yaml ├── OSV-2021-298.yaml ├── OSV-2021-304.yaml ├── OSV-2021-784.yaml ├── OSV-2021-868.yaml ├── OSV-2021-872.yaml ├── OSV-2022-1022.yaml ├── OSV-2022-1025.yaml ├── OSV-2022-1032.yaml ├── OSV-2022-1055.yaml ├── OSV-2022-120.yaml ├── OSV-2022-191.yaml ├── OSV-2022-202.yaml ├── OSV-2022-325.yaml ├── OSV-2022-341.yaml ├── OSV-2022-376.yaml ├── OSV-2022-443.yaml ├── OSV-2022-445.yaml ├── OSV-2022-447.yaml ├── OSV-2022-48.yaml ├── OSV-2022-481.yaml ├── OSV-2022-483.yaml ├── OSV-2022-661.yaml ├── OSV-2022-670.yaml ├── OSV-2022-691.yaml ├── OSV-2022-695.yaml ├── OSV-2022-709.yaml ├── OSV-2022-712.yaml ├── OSV-2023-1004.yaml ├── OSV-2023-102.yaml ├── OSV-2023-1093.yaml ├── OSV-2023-1354.yaml ├── OSV-2023-1357.yaml ├── OSV-2023-1364.yaml ├── OSV-2023-19.yaml ├── OSV-2023-219.yaml ├── OSV-2023-229.yaml ├── OSV-2023-243.yaml ├── OSV-2023-436.yaml ├── OSV-2023-504.yaml ├── OSV-2023-509.yaml ├── OSV-2023-566.yaml ├── OSV-2023-573.yaml ├── OSV-2023-776.yaml ├── OSV-2024-1326.yaml ├── OSV-2024-1330.yaml ├── OSV-2024-1380.yaml ├── OSV-2024-246.yaml ├── OSV-2024-293.yaml ├── OSV-2024-469.yaml ├── OSV-2024-552.yaml ├── OSV-2025-145.yaml ├── OSV-2025-147.yaml ├── OSV-2025-149.yaml ├── OSV-2025-154.yaml ├── OSV-2025-156.yaml ├── OSV-2025-160.yaml ├── OSV-2025-80.yaml ├── OSV-2025-81.yaml └── OSV-2025-85.yaml ├── nestegg └── OSV-2020-633.yaml ├── net-snmp ├── OSV-2020-384.yaml ├── OSV-2021-1105.yaml ├── OSV-2021-1113.yaml ├── OSV-2021-1167.yaml ├── OSV-2021-1172.yaml ├── OSV-2021-1179.yaml ├── OSV-2021-1502.yaml ├── OSV-2021-1505.yaml ├── OSV-2021-1595.yaml ├── OSV-2021-1628.yaml ├── OSV-2022-1059.yaml ├── OSV-2022-702.yaml ├── OSV-2022-705.yaml ├── OSV-2023-903.yaml ├── OSV-2025-113.yaml ├── OSV-2025-114.yaml ├── OSV-2025-119.yaml ├── OSV-2025-132.yaml ├── OSV-2025-133.yaml ├── OSV-2025-148.yaml ├── OSV-2025-161.yaml ├── OSV-2025-162.yaml └── OSV-2025-178.yaml ├── ninja ├── OSV-2024-409.yaml ├── OSV-2024-420.yaml ├── OSV-2024-423.yaml └── OSV-2024-431.yaml ├── ntopng ├── OSV-2023-1160.yaml ├── OSV-2023-1214.yaml ├── OSV-2023-1352.yaml ├── OSV-2023-1360.yaml ├── OSV-2023-1375.yaml ├── OSV-2023-1381.yaml ├── OSV-2023-423.yaml ├── OSV-2023-425.yaml ├── OSV-2023-462.yaml ├── OSV-2023-480.yaml ├── OSV-2023-507.yaml ├── OSV-2023-688.yaml ├── OSV-2023-697.yaml ├── OSV-2023-710.yaml ├── OSV-2023-726.yaml ├── OSV-2023-741.yaml ├── OSV-2023-761.yaml ├── OSV-2023-976.yaml ├── OSV-2025-84.yaml └── OSV-2025-88.yaml ├── oatpp ├── OSV-2025-61.yaml └── OSV-2025-7.yaml ├── oniguruma ├── OSV-2020-1113.yaml ├── OSV-2020-1168.yaml ├── OSV-2020-1235.yaml ├── OSV-2020-1834.yaml ├── OSV-2020-53.yaml ├── OSV-2022-1142.yaml ├── OSV-2022-1144.yaml ├── OSV-2022-1145.yaml └── OSV-2022-1149.yaml ├── open62541 ├── OSV-2017-10.yaml ├── OSV-2017-101.yaml ├── OSV-2017-29.yaml ├── OSV-2017-42.yaml ├── OSV-2017-48.yaml ├── OSV-2017-55.yaml ├── OSV-2017-58.yaml ├── OSV-2017-66.yaml ├── OSV-2017-78.yaml ├── OSV-2018-210.yaml ├── OSV-2018-50.yaml ├── OSV-2020-1423.yaml ├── OSV-2020-1491.yaml ├── OSV-2020-153.yaml ├── OSV-2020-1643.yaml ├── OSV-2020-1677.yaml ├── OSV-2020-214.yaml ├── OSV-2020-2328.yaml ├── OSV-2020-248.yaml ├── OSV-2020-308.yaml ├── OSV-2020-352.yaml ├── OSV-2020-379.yaml ├── OSV-2020-416.yaml ├── OSV-2020-475.yaml ├── OSV-2020-494.yaml ├── OSV-2020-593.yaml ├── OSV-2020-614.yaml ├── OSV-2020-663.yaml ├── OSV-2020-675.yaml ├── OSV-2020-676.yaml ├── OSV-2020-879.yaml ├── OSV-2021-1059.yaml ├── OSV-2021-120.yaml ├── OSV-2021-1430.yaml ├── OSV-2022-1235.yaml ├── OSV-2022-127.yaml ├── OSV-2022-151.yaml ├── OSV-2022-680.yaml └── OSV-2022-802.yaml ├── opencensus-cpp └── OSV-2021-1301.yaml ├── opencv ├── OSV-2020-1004.yaml ├── OSV-2020-1039.yaml ├── OSV-2020-1069.yaml ├── OSV-2020-1200.yaml ├── OSV-2020-1252.yaml ├── OSV-2020-1256.yaml ├── OSV-2020-1819.yaml ├── OSV-2020-927.yaml ├── OSV-2020-954.yaml ├── OSV-2020-987.yaml ├── OSV-2022-188.yaml ├── OSV-2022-394.yaml ├── OSV-2023-444.yaml ├── OSV-2024-1417.yaml ├── OSV-2025-16.yaml ├── OSV-2025-17.yaml ├── OSV-2025-190.yaml ├── OSV-2025-51.yaml └── OSV-2025-68.yaml ├── openexr ├── OSV-2020-1610.yaml ├── OSV-2020-1809.yaml ├── OSV-2021-1368.yaml ├── OSV-2021-1371.yaml ├── OSV-2021-1389.yaml ├── OSV-2021-1400.yaml ├── OSV-2021-1406.yaml ├── OSV-2021-1408.yaml ├── OSV-2021-1409.yaml ├── OSV-2021-1410.yaml ├── OSV-2021-1414.yaml ├── OSV-2021-1415.yaml ├── OSV-2021-1420.yaml ├── OSV-2021-1429.yaml ├── OSV-2021-1437.yaml ├── OSV-2021-1440.yaml ├── OSV-2021-1451.yaml ├── OSV-2021-1457.yaml ├── OSV-2021-1470.yaml ├── OSV-2021-1479.yaml ├── OSV-2021-1482.yaml ├── OSV-2021-1627.yaml ├── OSV-2021-1646.yaml ├── OSV-2021-2.yaml ├── OSV-2021-443.yaml ├── OSV-2022-1098.yaml ├── OSV-2022-258.yaml ├── OSV-2022-306.yaml ├── OSV-2022-313.yaml ├── OSV-2022-413.yaml ├── OSV-2022-419.yaml ├── OSV-2022-58.yaml ├── OSV-2022-666.yaml ├── OSV-2022-77.yaml ├── OSV-2022-82.yaml ├── OSV-2023-407.yaml ├── OSV-2023-426.yaml ├── OSV-2023-437.yaml └── OSV-2023-445.yaml ├── openh264 ├── OSV-2020-1041.yaml ├── OSV-2020-1042.yaml ├── OSV-2020-1049.yaml ├── OSV-2020-1098.yaml ├── OSV-2020-1115.yaml ├── OSV-2020-1127.yaml ├── OSV-2020-1172.yaml ├── OSV-2020-1186.yaml ├── OSV-2020-1203.yaml ├── OSV-2020-1220.yaml ├── OSV-2020-1250.yaml ├── OSV-2020-1258.yaml ├── OSV-2020-1289.yaml ├── OSV-2020-1296.yaml ├── OSV-2020-1312.yaml ├── OSV-2020-1847.yaml ├── OSV-2020-1852.yaml ├── OSV-2020-1853.yaml ├── OSV-2020-1854.yaml ├── OSV-2020-1855.yaml ├── OSV-2020-1857.yaml ├── OSV-2020-1898.yaml ├── OSV-2020-1899.yaml ├── OSV-2020-2002.yaml ├── OSV-2020-2007.yaml ├── OSV-2020-2045.yaml ├── OSV-2020-2061.yaml ├── OSV-2020-2062.yaml ├── OSV-2020-2063.yaml ├── OSV-2020-2064.yaml ├── OSV-2020-2065.yaml ├── OSV-2020-2067.yaml ├── OSV-2020-2068.yaml ├── OSV-2020-2074.yaml ├── OSV-2020-2076.yaml ├── OSV-2020-2078.yaml ├── OSV-2020-2084.yaml ├── OSV-2020-2085.yaml ├── OSV-2020-2091.yaml ├── OSV-2020-2093.yaml ├── OSV-2020-2097.yaml ├── OSV-2020-2107.yaml ├── OSV-2020-2115.yaml ├── OSV-2020-2121.yaml ├── OSV-2020-2141.yaml ├── OSV-2020-2263.yaml ├── OSV-2020-2274.yaml ├── OSV-2020-2297.yaml ├── OSV-2020-261.yaml ├── OSV-2020-414.yaml ├── OSV-2020-502.yaml ├── OSV-2020-503.yaml ├── OSV-2020-555.yaml ├── OSV-2020-578.yaml ├── OSV-2020-607.yaml ├── OSV-2020-671.yaml ├── OSV-2020-681.yaml ├── OSV-2020-692.yaml ├── OSV-2020-736.yaml ├── OSV-2021-204.yaml ├── OSV-2021-245.yaml ├── OSV-2021-362.yaml ├── OSV-2021-37.yaml └── OSV-2024-233.yaml ├── openjpeg ├── OSV-2017-22.yaml ├── OSV-2017-35.yaml ├── OSV-2017-5.yaml ├── OSV-2017-61.yaml ├── OSV-2020-610.yaml ├── OSV-2022-416.yaml └── OSV-2024-1279.yaml ├── opensc ├── OSV-2020-1017.yaml ├── OSV-2020-1040.yaml ├── OSV-2020-1046.yaml ├── OSV-2020-1288.yaml ├── OSV-2020-1351.yaml ├── OSV-2020-1720.yaml ├── OSV-2020-1836.yaml ├── OSV-2020-1844.yaml ├── OSV-2020-1848.yaml ├── OSV-2020-1860.yaml ├── OSV-2020-1981.yaml ├── OSV-2020-1990.yaml ├── OSV-2020-209.yaml ├── OSV-2020-2157.yaml ├── OSV-2020-2178.yaml ├── OSV-2020-2222.yaml ├── OSV-2020-2254.yaml ├── OSV-2020-2276.yaml ├── OSV-2020-366.yaml ├── OSV-2020-452.yaml ├── OSV-2020-525.yaml ├── OSV-2020-55.yaml ├── OSV-2020-680.yaml ├── OSV-2020-693.yaml ├── OSV-2020-709.yaml ├── OSV-2020-885.yaml ├── OSV-2020-969.yaml ├── OSV-2021-1017.yaml ├── OSV-2021-262.yaml ├── OSV-2021-474.yaml ├── OSV-2021-537.yaml ├── OSV-2021-538.yaml ├── OSV-2021-915.yaml ├── OSV-2022-1084.yaml ├── OSV-2022-1175.yaml ├── OSV-2022-1188.yaml ├── OSV-2022-1201.yaml ├── OSV-2022-1232.yaml ├── OSV-2022-231.yaml ├── OSV-2022-237.yaml ├── OSV-2022-244.yaml ├── OSV-2022-268.yaml ├── OSV-2022-276.yaml ├── OSV-2022-282.yaml ├── OSV-2022-283.yaml ├── OSV-2022-342.yaml ├── OSV-2022-345.yaml ├── OSV-2022-361.yaml ├── OSV-2022-380.yaml ├── OSV-2022-386.yaml ├── OSV-2022-421.yaml ├── OSV-2022-423.yaml ├── OSV-2022-434.yaml ├── OSV-2022-437.yaml ├── OSV-2022-439.yaml ├── OSV-2022-451.yaml ├── OSV-2022-520.yaml ├── OSV-2022-564.yaml ├── OSV-2022-604.yaml ├── OSV-2022-773.yaml ├── OSV-2022-801.yaml ├── OSV-2022-961.yaml ├── OSV-2023-1002.yaml ├── OSV-2023-1068.yaml ├── OSV-2023-1126.yaml ├── OSV-2023-1163.yaml ├── OSV-2023-1169.yaml ├── OSV-2023-1228.yaml ├── OSV-2023-1276.yaml ├── OSV-2023-395.yaml ├── OSV-2023-560.yaml ├── OSV-2023-576.yaml ├── OSV-2023-578.yaml ├── OSV-2023-586.yaml ├── OSV-2023-609.yaml ├── OSV-2023-631.yaml ├── OSV-2023-744.yaml ├── OSV-2023-753.yaml ├── OSV-2023-899.yaml ├── OSV-2023-98.yaml ├── OSV-2023-993.yaml └── OSV-2024-17.yaml ├── opensips ├── OSV-2021-1585.yaml ├── OSV-2022-1029.yaml ├── OSV-2022-1044.yaml ├── OSV-2022-1153.yaml ├── OSV-2022-1165.yaml └── OSV-2022-1173.yaml ├── openssl ├── OSV-2018-109.yaml ├── OSV-2018-153.yaml ├── OSV-2020-223.yaml ├── OSV-2020-29.yaml ├── OSV-2020-386.yaml ├── OSV-2020-430.yaml ├── OSV-2020-442.yaml ├── OSV-2024-635.yaml ├── OSV-2024-636.yaml └── OSV-2024-640.yaml ├── openthread ├── OSV-2017-119.yaml ├── OSV-2018-55.yaml ├── OSV-2020-1292.yaml ├── OSV-2020-164.yaml ├── OSV-2020-1668.yaml ├── OSV-2020-2247.yaml ├── OSV-2020-2259.yaml ├── OSV-2020-2264.yaml ├── OSV-2020-258.yaml ├── OSV-2020-289.yaml ├── OSV-2020-305.yaml ├── OSV-2020-336.yaml ├── OSV-2020-343.yaml ├── OSV-2020-353.yaml ├── OSV-2020-354.yaml ├── OSV-2020-369.yaml ├── OSV-2020-380.yaml ├── OSV-2020-383.yaml ├── OSV-2020-396.yaml ├── OSV-2020-413.yaml ├── OSV-2020-467.yaml ├── OSV-2020-468.yaml ├── OSV-2020-471.yaml ├── OSV-2020-489.yaml ├── OSV-2020-496.yaml ├── OSV-2020-510.yaml ├── OSV-2020-528.yaml ├── OSV-2020-531.yaml ├── OSV-2020-57.yaml ├── OSV-2020-596.yaml ├── OSV-2020-597.yaml ├── OSV-2020-598.yaml ├── OSV-2020-608.yaml ├── OSV-2020-619.yaml ├── OSV-2020-626.yaml ├── OSV-2020-639.yaml ├── OSV-2020-640.yaml ├── OSV-2020-643.yaml ├── OSV-2020-670.yaml ├── OSV-2020-672.yaml ├── OSV-2020-690.yaml ├── OSV-2020-700.yaml ├── OSV-2020-721.yaml ├── OSV-2020-728.yaml ├── OSV-2020-729.yaml ├── OSV-2020-732.yaml ├── OSV-2021-1099.yaml ├── OSV-2021-152.yaml ├── OSV-2021-386.yaml ├── OSV-2021-411.yaml ├── OSV-2021-435.yaml ├── OSV-2021-52.yaml └── OSV-2025-289.yaml ├── openvpn └── OSV-2022-1276.yaml ├── openvswitch ├── OSV-2018-111.yaml ├── OSV-2018-131.yaml ├── OSV-2018-138.yaml ├── OSV-2018-157.yaml ├── OSV-2018-158.yaml ├── OSV-2018-173.yaml ├── OSV-2018-62.yaml ├── OSV-2018-70.yaml ├── OSV-2018-71.yaml ├── OSV-2018-83.yaml ├── OSV-2020-1382.yaml ├── OSV-2020-1414.yaml ├── OSV-2020-2166.yaml ├── OSV-2020-2197.yaml ├── OSV-2020-434.yaml ├── OSV-2020-872.yaml └── OSV-2020-873.yaml ├── osquery └── OSV-2022-763.yaml ├── ots └── OSV-2020-580.yaml ├── p11-kit ├── OSV-2023-197.yaml ├── OSV-2023-205.yaml └── OSV-2024-177.yaml ├── pcapplusplus ├── OSV-2020-1125.yaml ├── OSV-2020-1152.yaml ├── OSV-2020-1188.yaml ├── OSV-2020-1202.yaml ├── OSV-2020-1204.yaml ├── OSV-2020-1237.yaml ├── OSV-2020-1238.yaml ├── OSV-2020-129.yaml ├── OSV-2020-1297.yaml ├── OSV-2020-1307.yaml ├── OSV-2020-1310.yaml ├── OSV-2020-1315.yaml ├── OSV-2020-1331.yaml ├── OSV-2020-1371.yaml ├── OSV-2020-1587.yaml ├── OSV-2020-1687.yaml ├── OSV-2020-1807.yaml ├── OSV-2020-1863.yaml ├── OSV-2020-1999.yaml ├── OSV-2020-207.yaml ├── OSV-2020-208.yaml ├── OSV-2020-2100.yaml ├── OSV-2020-218.yaml ├── OSV-2020-224.yaml ├── OSV-2020-2285.yaml ├── OSV-2020-24.yaml ├── OSV-2020-3.yaml ├── OSV-2020-45.yaml ├── OSV-2020-50.yaml ├── OSV-2020-772.yaml ├── OSV-2020-773.yaml ├── OSV-2020-781.yaml ├── OSV-2020-920.yaml ├── OSV-2020-930.yaml ├── OSV-2020-943.yaml ├── OSV-2020-945.yaml ├── OSV-2020-973.yaml ├── OSV-2020-982.yaml ├── OSV-2022-1154.yaml ├── OSV-2022-5.yaml ├── OSV-2022-848.yaml ├── OSV-2023-1145.yaml ├── OSV-2023-1146.yaml ├── OSV-2023-1147.yaml ├── OSV-2023-1150.yaml ├── OSV-2023-1153.yaml ├── OSV-2023-1154.yaml ├── OSV-2023-1168.yaml ├── OSV-2023-1171.yaml ├── OSV-2023-1172.yaml ├── OSV-2023-1174.yaml ├── OSV-2023-1201.yaml ├── OSV-2023-1232.yaml ├── OSV-2023-1259.yaml ├── OSV-2023-1306.yaml ├── OSV-2023-745.yaml ├── OSV-2024-1009.yaml ├── OSV-2024-1023.yaml ├── OSV-2024-170.yaml ├── OSV-2024-334.yaml ├── OSV-2024-341.yaml ├── OSV-2024-343.yaml ├── OSV-2024-352.yaml ├── OSV-2024-360.yaml ├── OSV-2024-369.yaml ├── OSV-2024-382.yaml ├── OSV-2024-393.yaml ├── OSV-2024-801.yaml ├── OSV-2024-812.yaml ├── OSV-2024-816.yaml ├── OSV-2024-867.yaml ├── OSV-2024-947.yaml ├── OSV-2024-953.yaml ├── OSV-2024-954.yaml ├── OSV-2024-957.yaml ├── OSV-2024-967.yaml ├── OSV-2024-987.yaml └── OSV-2025-33.yaml ├── pcl ├── OSV-2022-614.yaml └── OSV-2022-795.yaml ├── pcre2 ├── OSV-2023-673.yaml ├── OSV-2023-674.yaml ├── OSV-2024-1237.yaml ├── OSV-2024-1261.yaml ├── OSV-2024-161.yaml ├── OSV-2024-173.yaml ├── OSV-2024-182.yaml ├── OSV-2024-187.yaml ├── OSV-2024-309.yaml ├── OSV-2024-324.yaml └── OSV-2025-300.yaml ├── perfetto ├── OSV-2020-2273.yaml ├── OSV-2020-240.yaml ├── OSV-2020-376.yaml ├── OSV-2020-449.yaml ├── OSV-2020-518.yaml ├── OSV-2020-589.yaml ├── OSV-2020-65.yaml ├── OSV-2020-653.yaml ├── OSV-2020-657.yaml ├── OSV-2020-658.yaml ├── OSV-2020-769.yaml ├── OSV-2021-1605.yaml ├── OSV-2021-776.yaml ├── OSV-2021-781.yaml ├── OSV-2021-791.yaml ├── OSV-2021-801.yaml ├── OSV-2022-331.yaml ├── OSV-2022-531.yaml ├── OSV-2022-854.yaml ├── OSV-2022-943.yaml └── OSV-2023-72.yaml ├── php ├── OSV-2020-1525.yaml ├── OSV-2020-1547.yaml ├── OSV-2020-1683.yaml ├── OSV-2020-1700.yaml ├── OSV-2020-1735.yaml ├── OSV-2020-1741.yaml ├── OSV-2020-1762.yaml ├── OSV-2020-1768.yaml ├── OSV-2020-1777.yaml ├── OSV-2020-1779.yaml ├── OSV-2020-1787.yaml ├── OSV-2020-2056.yaml ├── OSV-2020-2230.yaml ├── OSV-2021-1174.yaml ├── OSV-2021-1194.yaml ├── OSV-2021-1199.yaml ├── OSV-2021-1217.yaml ├── OSV-2021-1670.yaml ├── OSV-2021-1759.yaml ├── OSV-2021-1780.yaml ├── OSV-2021-455.yaml ├── OSV-2021-509.yaml ├── OSV-2021-651.yaml ├── OSV-2021-667.yaml ├── OSV-2021-669.yaml ├── OSV-2021-731.yaml ├── OSV-2021-736.yaml ├── OSV-2021-926.yaml ├── OSV-2022-181.yaml ├── OSV-2022-235.yaml ├── OSV-2022-238.yaml ├── OSV-2022-32.yaml ├── OSV-2022-41.yaml ├── OSV-2022-57.yaml ├── OSV-2022-573.yaml ├── OSV-2022-863.yaml ├── OSV-2022-87.yaml ├── OSV-2023-1075.yaml ├── OSV-2023-1095.yaml ├── OSV-2023-1098.yaml ├── OSV-2023-1167.yaml ├── OSV-2023-1243.yaml ├── OSV-2023-1299.yaml ├── OSV-2023-1302.yaml ├── OSV-2023-1325.yaml ├── OSV-2023-38.yaml ├── OSV-2023-409.yaml ├── OSV-2023-49.yaml ├── OSV-2023-598.yaml ├── OSV-2023-69.yaml └── OSV-2024-88.yaml ├── picotls └── OSV-2020-1022.yaml ├── piex └── OSV-2021-1287.yaml ├── pillow ├── OSV-2022-1074.yaml └── OSV-2022-715.yaml ├── pistache ├── OSV-2024-322.yaml └── OSV-2024-832.yaml ├── pjsip └── OSV-2024-453.yaml ├── poco ├── OSV-2024-1071.yaml ├── OSV-2024-1216.yaml ├── OSV-2024-1218.yaml ├── OSV-2024-1272.yaml ├── OSV-2025-275.yaml ├── OSV-2025-291.yaml └── OSV-2025-32.yaml ├── poppler ├── OSV-2018-154.yaml ├── OSV-2018-17.yaml ├── OSV-2018-200.yaml ├── OSV-2020-111.yaml ├── OSV-2020-1158.yaml ├── OSV-2020-1264.yaml ├── OSV-2020-1278.yaml ├── OSV-2020-1340.yaml ├── OSV-2020-1664.yaml ├── OSV-2020-173.yaml ├── OSV-2020-2165.yaml ├── OSV-2020-2303.yaml ├── OSV-2020-713.yaml ├── OSV-2020-794.yaml ├── OSV-2021-1250.yaml ├── OSV-2021-1258.yaml ├── OSV-2021-389.yaml ├── OSV-2021-41.yaml ├── OSV-2021-607.yaml ├── OSV-2021-813.yaml ├── OSV-2023-1016.yaml ├── OSV-2023-495.yaml ├── OSV-2023-728.yaml ├── OSV-2024-1062.yaml └── OSV-2024-345.yaml ├── postgis ├── OSV-2020-540.yaml └── OSV-2020-718.yaml ├── powsybl-java └── OSV-2025-240.yaml ├── python3-libraries ├── OSV-2023-334.yaml ├── OSV-2023-337.yaml └── OSV-2023-361.yaml ├── qemu ├── OSV-2020-2101.yaml ├── OSV-2020-2161.yaml ├── OSV-2020-2223.yaml ├── OSV-2021-276.yaml ├── OSV-2021-532.yaml ├── OSV-2021-578.yaml ├── OSV-2021-617.yaml ├── OSV-2021-710.yaml ├── OSV-2021-8.yaml ├── OSV-2021-820.yaml ├── OSV-2022-1164.yaml ├── OSV-2022-581.yaml ├── OSV-2023-101.yaml └── OSV-2023-390.yaml ├── qpdf ├── OSV-2020-1407.yaml ├── OSV-2020-2245.yaml ├── OSV-2020-804.yaml ├── OSV-2020-847.yaml ├── OSV-2020-856.yaml ├── OSV-2020-863.yaml ├── OSV-2024-1297.yaml └── OSV-2024-18.yaml ├── qpid-proton ├── OSV-2021-1540.yaml └── OSV-2021-1546.yaml ├── qt ├── OSV-2020-143.yaml ├── OSV-2020-1577.yaml ├── OSV-2020-1671.yaml ├── OSV-2020-902.yaml ├── OSV-2021-1121.yaml ├── OSV-2021-1143.yaml ├── OSV-2021-1449.yaml ├── OSV-2021-1477.yaml ├── OSV-2021-235.yaml ├── OSV-2021-903.yaml └── OSV-2022-327.yaml ├── quickjs ├── OSV-2020-1053.yaml ├── OSV-2020-1171.yaml ├── OSV-2022-1150.yaml ├── OSV-2022-349.yaml ├── OSV-2022-557.yaml ├── OSV-2022-706.yaml ├── OSV-2023-1263.yaml ├── OSV-2023-1358.yaml ├── OSV-2023-1372.yaml ├── OSV-2024-204.yaml ├── OSV-2024-207.yaml ├── OSV-2024-389.yaml ├── OSV-2025-321.yaml ├── OSV-2025-326.yaml ├── OSV-2025-346.yaml ├── OSV-2025-352.yaml └── OSV-2025-404.yaml ├── radare2 ├── OSV-2018-101.yaml ├── OSV-2018-102.yaml ├── OSV-2018-148.yaml ├── OSV-2018-194.yaml ├── OSV-2018-198.yaml ├── OSV-2018-201.yaml ├── OSV-2018-29.yaml ├── OSV-2020-1076.yaml ├── OSV-2020-1094.yaml ├── OSV-2020-1146.yaml ├── OSV-2020-133.yaml ├── OSV-2020-1386.yaml ├── OSV-2020-160.yaml ├── OSV-2020-170.yaml ├── OSV-2020-196.yaml ├── OSV-2020-315.yaml ├── OSV-2020-317.yaml ├── OSV-2020-357.yaml ├── OSV-2020-377.yaml ├── OSV-2020-393.yaml ├── OSV-2020-399.yaml ├── OSV-2020-440.yaml ├── OSV-2020-441.yaml ├── OSV-2020-455.yaml ├── OSV-2020-490.yaml ├── OSV-2020-522.yaml ├── OSV-2020-523.yaml ├── OSV-2020-533.yaml ├── OSV-2020-560.yaml ├── OSV-2020-574.yaml ├── OSV-2020-625.yaml ├── OSV-2020-64.yaml ├── OSV-2020-642.yaml ├── OSV-2020-677.yaml ├── OSV-2020-694.yaml ├── OSV-2020-7.yaml ├── OSV-2020-722.yaml ├── OSV-2020-725.yaml ├── OSV-2020-881.yaml ├── OSV-2021-1500.yaml ├── OSV-2021-1786.yaml ├── OSV-2021-1820.yaml ├── OSV-2022-1087.yaml ├── OSV-2022-1110.yaml ├── OSV-2022-1137.yaml ├── OSV-2022-383.yaml ├── OSV-2022-598.yaml ├── OSV-2022-993.yaml ├── OSV-2023-1227.yaml ├── OSV-2023-1247.yaml ├── OSV-2023-35.yaml ├── OSV-2023-399.yaml ├── OSV-2023-547.yaml ├── OSV-2023-605.yaml ├── OSV-2023-623.yaml ├── OSV-2023-96.yaml ├── OSV-2023-974.yaml ├── OSV-2023-989.yaml ├── OSV-2025-42.yaml └── OSV-2025-50.yaml ├── rdkit ├── OSV-2020-1366.yaml ├── OSV-2020-1453.yaml ├── OSV-2020-1730.yaml ├── OSV-2020-1849.yaml ├── OSV-2020-2143.yaml ├── OSV-2020-959.yaml ├── OSV-2021-1745.yaml ├── OSV-2022-1288.yaml ├── OSV-2022-134.yaml ├── OSV-2022-675.yaml ├── OSV-2024-838.yaml └── OSV-2025-62.yaml ├── re2 └── OSV-2021-921.yaml ├── readstat ├── OSV-2020-1012.yaml ├── OSV-2020-1043.yaml ├── OSV-2020-1129.yaml ├── OSV-2020-1135.yaml ├── OSV-2020-1151.yaml ├── OSV-2020-1163.yaml ├── OSV-2020-1257.yaml ├── OSV-2020-300.yaml ├── OSV-2020-327.yaml ├── OSV-2020-333.yaml ├── OSV-2020-424.yaml ├── OSV-2020-474.yaml ├── OSV-2020-913.yaml ├── OSV-2021-732.yaml ├── OSV-2023-28.yaml ├── OSV-2024-1150.yaml ├── OSV-2024-118.yaml ├── OSV-2024-1332.yaml └── OSV-2025-408.yaml ├── relic ├── OSV-2021-330.yaml ├── OSV-2022-1230.yaml └── OSV-2022-1231.yaml ├── resiprocate └── OSV-2018-222.yaml ├── rnp ├── OSV-2020-1558.yaml ├── OSV-2020-1699.yaml └── OSV-2020-1702.yaml ├── rtpproxy └── OSV-2025-384.yaml ├── ruby ├── OSV-2022-1108.yaml ├── OSV-2023-1173.yaml └── OSV-2023-322.yaml ├── s2geometry ├── OSV-2021-1269.yaml ├── OSV-2021-1275.yaml └── OSV-2021-1305.yaml ├── s2opc └── OSV-2024-64.yaml ├── selinux ├── OSV-2021-1733.yaml ├── OSV-2021-1736.yaml ├── OSV-2021-270.yaml ├── OSV-2021-417.yaml ├── OSV-2021-421.yaml ├── OSV-2021-536.yaml ├── OSV-2021-585.yaml ├── OSV-2021-891.yaml ├── OSV-2021-902.yaml ├── OSV-2022-241.yaml └── OSV-2023-1271.yaml ├── serenity ├── OSV-2021-1039.yaml ├── OSV-2021-1080.yaml ├── OSV-2021-1116.yaml ├── OSV-2021-1145.yaml ├── OSV-2021-1149.yaml ├── OSV-2021-1266.yaml ├── OSV-2021-1394.yaml ├── OSV-2021-16.yaml ├── OSV-2021-1762.yaml ├── OSV-2021-284.yaml ├── OSV-2021-31.yaml ├── OSV-2021-315.yaml ├── OSV-2021-394.yaml ├── OSV-2021-395.yaml ├── OSV-2021-397.yaml ├── OSV-2021-399.yaml ├── OSV-2021-445.yaml ├── OSV-2021-446.yaml ├── OSV-2021-494.yaml ├── OSV-2021-514.yaml ├── OSV-2021-563.yaml ├── OSV-2021-713.yaml ├── OSV-2021-793.yaml ├── OSV-2021-804.yaml ├── OSV-2021-822.yaml ├── OSV-2021-830.yaml ├── OSV-2021-840.yaml ├── OSV-2021-841.yaml ├── OSV-2021-843.yaml ├── OSV-2021-863.yaml ├── OSV-2021-875.yaml ├── OSV-2021-887.yaml ├── OSV-2021-987.yaml ├── OSV-2022-514.yaml ├── OSV-2022-84.yaml ├── OSV-2023-1033.yaml ├── OSV-2023-1103.yaml ├── OSV-2023-1177.yaml ├── OSV-2023-538.yaml ├── OSV-2023-555.yaml ├── OSV-2023-844.yaml └── OSV-2023-936.yaml ├── shaderc ├── OSV-2024-1343.yaml ├── OSV-2024-1346.yaml ├── OSV-2024-1348.yaml └── OSV-2024-1355.yaml ├── sigstore-java └── OSV-2024-1388.yaml ├── simdjson ├── OSV-2020-2108.yaml ├── OSV-2020-2119.yaml ├── OSV-2020-2124.yaml ├── OSV-2021-1312.yaml └── OSV-2021-1317.yaml ├── simdutf ├── OSV-2023-272.yaml ├── OSV-2023-278.yaml ├── OSV-2023-281.yaml ├── OSV-2024-1034.yaml ├── OSV-2024-1043.yaml └── OSV-2024-39.yaml ├── skcms ├── OSV-2021-591.yaml └── OSV-2021-597.yaml ├── skia ├── OSV-2021-1071.yaml ├── OSV-2021-1074.yaml ├── OSV-2021-503.yaml ├── OSV-2022-1001.yaml ├── OSV-2022-576.yaml ├── OSV-2022-968.yaml ├── OSV-2022-969.yaml ├── OSV-2022-970.yaml ├── OSV-2022-972.yaml ├── OSV-2022-976.yaml ├── OSV-2022-978.yaml ├── OSV-2022-981.yaml ├── OSV-2022-983.yaml ├── OSV-2022-986.yaml ├── OSV-2022-989.yaml └── OSV-2022-996.yaml ├── sleuthkit ├── OSV-2021-1309.yaml ├── OSV-2021-1380.yaml ├── OSV-2021-1775.yaml ├── OSV-2021-908.yaml ├── OSV-2022-1101.yaml ├── OSV-2022-1106.yaml └── OSV-2023-225.yaml ├── solidity └── OSV-2020-2131.yaml ├── spice-usbredir └── OSV-2021-1102.yaml ├── spirv-tools ├── OSV-2021-1418.yaml ├── OSV-2022-1119.yaml ├── OSV-2022-436.yaml ├── OSV-2022-490.yaml ├── OSV-2022-525.yaml ├── OSV-2024-144.yaml ├── OSV-2024-535.yaml ├── OSV-2024-574.yaml └── OSV-2024-592.yaml ├── spring-boot ├── OSV-2023-335.yaml ├── OSV-2023-60.yaml └── OSV-2023-693.yaml ├── spring-data-keyvalue └── OSV-2023-1001.yaml ├── spring-data-mongodb ├── OSV-2023-1244.yaml ├── OSV-2023-396.yaml └── OSV-2023-872.yaml ├── sql-parser ├── OSV-2021-947.yaml └── OSV-2021-950.yaml ├── stb ├── OSV-2020-1372.yaml ├── OSV-2020-1380.yaml ├── OSV-2020-1472.yaml ├── OSV-2020-1478.yaml ├── OSV-2020-1521.yaml ├── OSV-2020-1892.yaml ├── OSV-2020-1897.yaml ├── OSV-2021-1239.yaml ├── OSV-2021-1787.yaml └── OSV-2021-979.yaml ├── strongswan └── OSV-2018-195.yaml ├── sudoers ├── OSV-2021-1122.yaml ├── OSV-2021-413.yaml ├── OSV-2021-441.yaml └── OSV-2023-106.yaml ├── suricata ├── OSV-2020-1007.yaml ├── OSV-2020-1026.yaml ├── OSV-2020-124.yaml ├── OSV-2020-1321.yaml ├── OSV-2020-1346.yaml ├── OSV-2020-19.yaml ├── OSV-2021-1634.yaml ├── OSV-2021-236.yaml ├── OSV-2022-1017.yaml ├── OSV-2022-1162.yaml ├── OSV-2022-1166.yaml ├── OSV-2022-837.yaml ├── OSV-2023-261.yaml └── OSV-2025-271.yaml ├── swift-nio └── OSV-2022-902.yaml ├── swift-protobuf ├── OSV-2021-1214.yaml ├── OSV-2021-1215.yaml ├── OSV-2021-1222.yaml ├── OSV-2021-1332.yaml ├── OSV-2021-1347.yaml └── OSV-2024-402.yaml ├── systemd ├── OSV-2018-124.yaml ├── OSV-2018-152.yaml ├── OSV-2018-191.yaml ├── OSV-2018-90.yaml ├── OSV-2020-287.yaml ├── OSV-2020-552.yaml ├── OSV-2020-635.yaml ├── OSV-2020-682.yaml ├── OSV-2021-418.yaml ├── OSV-2022-472.yaml ├── OSV-2022-474.yaml ├── OSV-2022-475.yaml ├── OSV-2022-835.yaml ├── OSV-2023-119.yaml ├── OSV-2023-299.yaml ├── OSV-2023-300.yaml ├── OSV-2023-301.yaml ├── OSV-2023-304.yaml ├── OSV-2023-305.yaml ├── OSV-2023-308.yaml ├── OSV-2023-309.yaml ├── OSV-2023-310.yaml └── OSV-2023-312.yaml ├── tarantool ├── OSV-2024-114.yaml ├── OSV-2024-255.yaml ├── OSV-2024-978.yaml ├── OSV-2025-412.yaml └── OSV-2025-93.yaml ├── tcmalloc ├── OSV-2022-35.yaml ├── OSV-2022-36.yaml └── OSV-2023-388.yaml ├── tdengine └── OSV-2022-37.yaml ├── tensorflow-py └── OSV-2021-449.yaml ├── tesseract-ocr ├── OSV-2021-211.yaml └── OSV-2021-534.yaml ├── threetenbp ├── OSV-2024-171.yaml ├── OSV-2024-184.yaml └── OSV-2024-86.yaml ├── tidy-html5 ├── OSV-2020-1427.yaml ├── OSV-2020-1440.yaml ├── OSV-2021-1076.yaml ├── OSV-2021-1078.yaml ├── OSV-2021-1085.yaml └── OSV-2021-1135.yaml ├── tinyusb └── OSV-2024-422.yaml ├── tmux ├── OSV-2021-419.yaml └── OSV-2022-473.yaml ├── tomcat ├── OSV-2022-1109.yaml ├── OSV-2022-1126.yaml └── OSV-2022-791.yaml ├── tpm2 └── OSV-2020-1507.yaml ├── trafficserver ├── OSV-2024-449.yaml ├── OSV-2024-450.yaml ├── OSV-2024-451.yaml └── OSV-2024-538.yaml ├── tremor ├── OSV-2020-113.yaml ├── OSV-2020-15.yaml └── OSV-2020-211.yaml ├── ujson ├── OSV-2021-1809.yaml └── OSV-2021-955.yaml ├── unbound ├── OSV-2020-225.yaml └── OSV-2020-255.yaml ├── unicorn ├── OSV-2018-180.yaml ├── OSV-2020-1029.yaml ├── OSV-2020-1100.yaml ├── OSV-2020-1123.yaml ├── OSV-2020-1143.yaml ├── OSV-2020-1212.yaml ├── OSV-2020-1373.yaml ├── OSV-2020-1409.yaml ├── OSV-2020-1410.yaml ├── OSV-2020-1945.yaml ├── OSV-2020-2180.yaml ├── OSV-2020-2305.yaml ├── OSV-2020-231.yaml ├── OSV-2020-2320.yaml ├── OSV-2020-802.yaml ├── OSV-2020-825.yaml ├── OSV-2020-837.yaml ├── OSV-2021-1046.yaml ├── OSV-2021-1066.yaml ├── OSV-2021-1069.yaml ├── OSV-2021-1075.yaml ├── OSV-2021-1124.yaml ├── OSV-2021-1186.yaml ├── OSV-2021-1230.yaml ├── OSV-2021-1413.yaml ├── OSV-2021-1450.yaml ├── OSV-2021-1463.yaml ├── OSV-2021-1554.yaml ├── OSV-2021-1671.yaml ├── OSV-2021-307.yaml ├── OSV-2021-345.yaml ├── OSV-2021-619.yaml ├── OSV-2021-778.yaml ├── OSV-2021-895.yaml ├── OSV-2021-904.yaml ├── OSV-2021-939.yaml └── OSV-2022-99.yaml ├── unrar ├── OSV-2017-100.yaml ├── OSV-2017-104.yaml ├── OSV-2017-109.yaml ├── OSV-2017-110.yaml ├── OSV-2017-113.yaml ├── OSV-2017-114.yaml ├── OSV-2017-117.yaml ├── OSV-2017-13.yaml ├── OSV-2017-14.yaml ├── OSV-2017-17.yaml ├── OSV-2017-25.yaml ├── OSV-2017-3.yaml ├── OSV-2017-33.yaml ├── OSV-2017-39.yaml ├── OSV-2017-64.yaml ├── OSV-2017-65.yaml ├── OSV-2017-69.yaml ├── OSV-2017-71.yaml ├── OSV-2017-76.yaml ├── OSV-2017-9.yaml ├── OSV-2017-90.yaml ├── OSV-2017-93.yaml ├── OSV-2017-95.yaml ├── OSV-2018-204.yaml ├── OSV-2018-6.yaml └── OSV-2024-1351.yaml ├── upb ├── OSV-2022-1002.yaml └── OSV-2022-412.yaml ├── upx └── OSV-2024-98.yaml ├── usrsctp ├── OSV-2020-2000.yaml ├── OSV-2020-481.yaml ├── OSV-2020-649.yaml ├── OSV-2020-785.yaml ├── OSV-2021-273.yaml └── OSV-2021-343.yaml ├── util-linux ├── OSV-2020-1609.yaml └── OSV-2022-1157.yaml ├── uwebsockets ├── OSV-2020-1598.yaml ├── OSV-2020-1599.yaml ├── OSV-2020-1641.yaml ├── OSV-2020-1694.yaml ├── OSV-2020-1695.yaml ├── OSV-2020-2098.yaml ├── OSV-2020-2217.yaml ├── OSV-2020-2221.yaml ├── OSV-2021-1378.yaml ├── OSV-2021-1386.yaml ├── OSV-2021-1387.yaml ├── OSV-2021-1390.yaml ├── OSV-2021-1392.yaml ├── OSV-2021-1727.yaml ├── OSV-2021-401.yaml ├── OSV-2021-414.yaml ├── OSV-2021-437.yaml └── OSV-2021-453.yaml ├── vlc └── OSV-2021-1442.yaml ├── vulkan-loader └── OSV-2023-1170.yaml ├── w3m ├── OSV-2021-562.yaml └── OSV-2022-193.yaml ├── wabt ├── OSV-2020-1054.yaml ├── OSV-2020-150.yaml ├── OSV-2020-1629.yaml ├── OSV-2020-783.yaml ├── OSV-2020-823.yaml ├── OSV-2020-846.yaml ├── OSV-2020-854.yaml ├── OSV-2020-861.yaml ├── OSV-2021-1241.yaml ├── OSV-2021-288.yaml ├── OSV-2021-373.yaml ├── OSV-2022-1248.yaml ├── OSV-2022-1261.yaml ├── OSV-2022-1263.yaml ├── OSV-2022-916.yaml ├── OSV-2023-346.yaml ├── OSV-2023-382.yaml ├── OSV-2023-838.yaml └── OSV-2024-398.yaml ├── wamr └── OSV-2025-230.yaml ├── wasm3 ├── OSV-2021-1061.yaml ├── OSV-2021-642.yaml ├── OSV-2021-660.yaml ├── OSV-2021-676.yaml ├── OSV-2021-678.yaml ├── OSV-2021-687.yaml ├── OSV-2021-688.yaml ├── OSV-2021-689.yaml ├── OSV-2021-698.yaml ├── OSV-2021-699.yaml ├── OSV-2021-700.yaml ├── OSV-2021-701.yaml ├── OSV-2021-728.yaml ├── OSV-2021-919.yaml ├── OSV-2022-784.yaml └── OSV-2022-881.yaml ├── wasmedge ├── OSV-2023-1119.yaml ├── OSV-2023-857.yaml ├── OSV-2023-865.yaml └── OSV-2024-140.yaml ├── wasmtime ├── OSV-2022-1155.yaml ├── OSV-2022-1172.yaml ├── OSV-2022-588.yaml ├── OSV-2022-590.yaml ├── OSV-2022-597.yaml ├── OSV-2022-774.yaml ├── OSV-2022-781.yaml └── OSV-2024-1232.yaml ├── wavpack ├── OSV-2020-1006.yaml ├── OSV-2020-1244.yaml ├── OSV-2020-247.yaml ├── OSV-2020-48.yaml ├── OSV-2025-105.yaml ├── OSV-2025-107.yaml ├── OSV-2025-108.yaml ├── OSV-2025-124.yaml └── OSV-2025-127.yaml ├── wget ├── OSV-2018-273.yaml ├── OSV-2018-280.yaml ├── OSV-2018-369.yaml └── OSV-2018-457.yaml ├── wget2 ├── OSV-2018-137.yaml ├── OSV-2020-1083.yaml ├── OSV-2020-334.yaml ├── OSV-2020-408.yaml ├── OSV-2020-486.yaml └── OSV-2020-567.yaml ├── wireshark ├── OSV-2017-120.yaml ├── OSV-2017-144.yaml ├── OSV-2018-182.yaml ├── OSV-2018-303.yaml ├── OSV-2020-189.yaml ├── OSV-2020-2129.yaml ├── OSV-2020-2227.yaml ├── OSV-2020-256.yaml ├── OSV-2020-365.yaml ├── OSV-2020-374.yaml ├── OSV-2020-557.yaml ├── OSV-2020-570.yaml ├── OSV-2020-62.yaml ├── OSV-2020-629.yaml ├── OSV-2020-651.yaml ├── OSV-2020-662.yaml ├── OSV-2021-269.yaml ├── OSV-2021-423.yaml ├── OSV-2021-430.yaml ├── OSV-2021-850.yaml ├── OSV-2021-940.yaml ├── OSV-2022-1079.yaml ├── OSV-2022-1111.yaml ├── OSV-2022-1112.yaml ├── OSV-2022-1114.yaml ├── OSV-2022-432.yaml ├── OSV-2022-770.yaml ├── OSV-2022-867.yaml ├── OSV-2023-1184.yaml ├── OSV-2023-1203.yaml ├── OSV-2023-152.yaml ├── OSV-2023-175.yaml ├── OSV-2023-251.yaml ├── OSV-2023-391.yaml ├── OSV-2023-420.yaml ├── OSV-2023-422.yaml └── OSV-2024-178.yaml ├── wolfmqtt ├── OSV-2021-1188.yaml ├── OSV-2021-1204.yaml ├── OSV-2021-1211.yaml ├── OSV-2021-1348.yaml ├── OSV-2021-1349.yaml ├── OSV-2021-1352.yaml ├── OSV-2021-1353.yaml ├── OSV-2021-1358.yaml ├── OSV-2021-1361.yaml ├── OSV-2021-1568.yaml ├── OSV-2021-1612.yaml ├── OSV-2022-16.yaml └── OSV-2023-1240.yaml ├── wolfssl ├── OSV-2020-1843.yaml ├── OSV-2020-1995.yaml ├── OSV-2020-2008.yaml ├── OSV-2020-2060.yaml ├── OSV-2020-2070.yaml ├── OSV-2020-2083.yaml ├── OSV-2020-2092.yaml ├── OSV-2020-2130.yaml ├── OSV-2020-2144.yaml ├── OSV-2020-2155.yaml ├── OSV-2020-2171.yaml ├── OSV-2020-2299.yaml ├── OSV-2020-2304.yaml ├── OSV-2021-10.yaml ├── OSV-2021-461.yaml ├── OSV-2021-807.yaml ├── OSV-2021-811.yaml ├── OSV-2022-1113.yaml ├── OSV-2022-840.yaml ├── OSV-2022-842.yaml ├── OSV-2023-107.yaml ├── OSV-2023-13.yaml ├── OSV-2023-16.yaml ├── OSV-2023-358.yaml └── OSV-2023-451.yaml ├── wpantund ├── OSV-2017-108.yaml ├── OSV-2017-91.yaml ├── OSV-2018-89.yaml └── OSV-2020-573.yaml ├── wuffs └── OSV-2021-561.yaml ├── xmlpull ├── OSV-2022-467.yaml └── OSV-2023-525.yaml ├── xpdf ├── OSV-2024-326.yaml ├── OSV-2024-830.yaml └── OSV-2024-963.yaml ├── xs └── OSV-2022-612.yaml ├── xstream ├── OSV-2022-431.yaml ├── OSV-2022-455.yaml ├── OSV-2022-458.yaml ├── OSV-2022-463.yaml ├── OSV-2022-497.yaml ├── OSV-2022-681.yaml ├── OSV-2022-749.yaml ├── OSV-2022-759.yaml ├── OSV-2022-865.yaml ├── OSV-2022-915.yaml └── OSV-2022-962.yaml ├── yara ├── OSV-2017-54.yaml ├── OSV-2017-84.yaml ├── OSV-2018-105.yaml ├── OSV-2018-156.yaml ├── OSV-2018-170.yaml ├── OSV-2018-33.yaml ├── OSV-2018-74.yaml ├── OSV-2020-1379.yaml ├── OSV-2020-1656.yaml ├── OSV-2020-1698.yaml ├── OSV-2020-2238.yaml ├── OSV-2020-2291.yaml ├── OSV-2020-263.yaml ├── OSV-2020-328.yaml ├── OSV-2020-345.yaml ├── OSV-2020-497.yaml ├── OSV-2020-508.yaml ├── OSV-2020-841.yaml ├── OSV-2020-849.yaml ├── OSV-2021-1160.yaml ├── OSV-2021-1333.yaml ├── OSV-2021-39.yaml ├── OSV-2022-209.yaml └── OSV-2022-510.yaml └── zstd ├── OSV-2020-286.yaml ├── OSV-2020-405.yaml ├── OSV-2020-429.yaml ├── OSV-2020-654.yaml ├── OSV-2020-691.yaml ├── OSV-2021-1246.yaml ├── OSV-2021-727.yaml ├── OSV-2021-859.yaml ├── OSV-2022-110.yaml ├── OSV-2022-15.yaml └── OSV-2022-96.yaml /infra/.style.yapf: -------------------------------------------------------------------------------- 1 | [style] 2 | based_on_style = yapf 3 | column_limit = 80 4 | indent_width = 2 5 | split_before_named_assigns = true 6 | -------------------------------------------------------------------------------- /infra/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/oss-fuzz-vulns/135f59caf0c699ec9cfc252878c0e09bbd45e35c/infra/README.md -------------------------------------------------------------------------------- /infra/pyproject.toml: -------------------------------------------------------------------------------- 1 | [tool.poetry] 2 | name = "syncer" 3 | version = "0.1.0" 4 | description = "" 5 | authors = ["Oliver Chang "] 6 | readme = "README.md" 7 | 8 | [tool.poetry.dependencies] 9 | python = "^3.11" 10 | google-auth = "^2.36.0" 11 | google-auth-httplib2 = "^0.2.0" 12 | google-api-python-client = "^2.154.0" 13 | google-cloud-datastore = "^2.20.1" 14 | google-cloud-pubsub = "^2.27.1" 15 | pyyaml = "^6.0.2" 16 | google-cloud-storage = "^2.18.2" 17 | 18 | 19 | [tool.poetry.group.dev.dependencies] 20 | pylint = "^3.3.1" 21 | yapf = "^0.43.0" 22 | pyright = "^1.1.389" 23 | 24 | [build-system] 25 | requires = ["poetry-core"] 26 | build-backend = "poetry.core.masonry.api" 27 | -------------------------------------------------------------------------------- /infra/syncer/google_issue_tracker/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Google issue tracker.""" 15 | -------------------------------------------------------------------------------- /vulns/augeas/OSV-2020-1540.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1540 2 | summary: UNKNOWN READ in eval_expr 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23781 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | eval_expr 10 | eval_binary 11 | eval_expr 12 | ``` 13 | modified: '2023-07-15T14:10:54.665039Z' 14 | published: '2020-07-29T00:00:39.727472Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23781 18 | affected: 19 | - package: 20 | name: augeas 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/hercules-team/augeas 25 | events: 26 | - introduced: 9c52a0b258f77394c9ade6c032e00b49bd01f949 27 | versions: 28 | - release-1.13.0 29 | - release-1.14.0 30 | - release-1.14.1 31 | ecosystem_specific: 32 | severity: MEDIUM 33 | -------------------------------------------------------------------------------- /vulns/binutils/OSV-2023-1324.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2023-1324 2 | summary: Heap-use-after-free in memory_bclose 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65104 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 8 8 | Crash state: 9 | memory_bclose 10 | bfd_close_all_done 11 | fuzz_dwarf.c 12 | ``` 13 | modified: '2023-12-18T00:03:27.140220Z' 14 | published: '2023-12-18T00:03:27.139777Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65104 18 | affected: 19 | - package: 20 | name: binutils 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/binutils 23 | ecosystem_specific: 24 | severity: HIGH 25 | versions: [] 26 | schema_version: 1.6.0 27 | -------------------------------------------------------------------------------- /vulns/binutils/OSV-2024-1056.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2024-1056 2 | summary: UNKNOWN WRITE in bfd_elf_get_str_section 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538161 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | bfd_elf_get_str_section 10 | bfd_elf_string_from_elf_section 11 | bfd_elf_sym_name 12 | ``` 13 | modified: '2024-09-13T00:02:11.288549Z' 14 | published: '2024-09-13T00:02:11.288214Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538161 18 | affected: 19 | - package: 20 | name: binutils 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/binutils 23 | ecosystem_specific: 24 | severity: HIGH 25 | versions: [] 26 | schema_version: 1.6.0 27 | -------------------------------------------------------------------------------- /vulns/binutils/OSV-2025-260.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2025-260 2 | summary: Heap-buffer-overflow in bfd_getb16 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=408254000 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | bfd_getb16 10 | nds32_elf_do_9_pcrel_reloc 11 | nds32_elf_9_pcrel_reloc 12 | ``` 13 | modified: '2025-04-06T00:00:51.202704Z' 14 | published: '2025-04-06T00:00:51.202273Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=408254000 18 | affected: 19 | - package: 20 | name: binutils 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/binutils 23 | ecosystem_specific: 24 | severity: MEDIUM 25 | versions: [] 26 | schema_version: 1.6.0 27 | -------------------------------------------------------------------------------- /vulns/botan/OSV-2018-75.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-75 2 | summary: Heap-buffer-overflow in ref_oneandzero_unpad 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10628 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | ref_oneandzero_unpad 10 | fuzz 11 | fuzzers.h 12 | ``` 13 | modified: '2022-04-13T03:04:33.913061Z' 14 | published: '2021-01-13T00:00:36.224912Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10628 18 | affected: 19 | - package: 20 | name: botan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/randombit/botan.git 25 | events: 26 | - introduced: 5d5ca7b276e687d9e3480e70d4718c99ce34cc23 27 | - fixed: b859e175a0f2357dcfe2211ca487a7bde0e971b1 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/c-ares/OSV-2020-280.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-280 2 | summary: Null-dereference READ 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15458 5 | 6 | ``` 7 | Crash type: Null-dereference READ 8 | Crash state: 9 | NULL``` 10 | modified: '2022-04-13T03:04:36.411292Z' 11 | published: '2020-06-30T00:00:45.791652Z' 12 | references: 13 | - type: REPORT 14 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15458 15 | affected: 16 | - package: 17 | name: c-ares 18 | ecosystem: OSS-Fuzz 19 | ranges: 20 | - type: GIT 21 | repo: https://github.com/c-ares/c-ares.git 22 | events: 23 | - introduced: 7d3591ee8a1a63e7748e68e6d880bd1763a32885 24 | - fixed: b949cc3ddfbeb1b3fba571fb53b186b645e66e9c 25 | versions: [] 26 | -------------------------------------------------------------------------------- /vulns/c-ares/OSV-2020-435.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-435 2 | summary: Heap-buffer-overflow in ares_parse_aaaa_reply 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15373 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 16 8 | Crash state: 9 | ares_parse_aaaa_reply 10 | ares-test-fuzz.c 11 | ``` 12 | modified: '2022-04-13T03:04:36.416216Z' 13 | published: '2020-07-01T00:00:09.430097Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15373 17 | affected: 18 | - package: 19 | name: c-ares 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/c-ares/c-ares.git 24 | events: 25 | - introduced: 7d3591ee8a1a63e7748e68e6d880bd1763a32885 26 | - fixed: 5dd3629bc93449840c36dd635ea6cce606b8c366 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/c-ares/OSV-2020-439.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-439 2 | summary: UNKNOWN WRITE in ares-test-fuzz.c 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15375 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | ares-test-fuzz.c 10 | ``` 11 | modified: '2022-04-13T03:04:36.421240Z' 12 | published: '2020-07-01T00:00:09.657657Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15375 16 | affected: 17 | - package: 18 | name: c-ares 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/c-ares/c-ares.git 23 | events: 24 | - introduced: 7d3591ee8a1a63e7748e68e6d880bd1763a32885 25 | - fixed: b949cc3ddfbeb1b3fba571fb53b186b645e66e9c 26 | ecosystem_specific: 27 | severity: HIGH 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/c-ares/OSV-2020-530.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-530 2 | summary: Stack-buffer-overflow in ares_parse_aaaa_reply 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15459 5 | 6 | ``` 7 | Crash type: Stack-buffer-overflow WRITE 4 8 | Crash state: 9 | ares_parse_aaaa_reply 10 | ares-test-fuzz.c 11 | ``` 12 | modified: '2022-04-13T03:04:36.401229Z' 13 | published: '2020-07-01T00:00:14.958697Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15459 17 | affected: 18 | - package: 19 | name: c-ares 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/c-ares/c-ares.git 24 | events: 25 | - introduced: 7d3591ee8a1a63e7748e68e6d880bd1763a32885 26 | - fixed: b949cc3ddfbeb1b3fba571fb53b186b645e66e9c 27 | ecosystem_specific: 28 | severity: HIGH 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/c-ares/OSV-2020-541.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-541 2 | summary: UNKNOWN READ in _fini 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15391 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | _fini 10 | ``` 11 | modified: '2022-04-13T03:04:36.426296Z' 12 | published: '2020-07-01T00:00:15.713830Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15391 16 | affected: 17 | - package: 18 | name: c-ares 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/c-ares/c-ares.git 23 | events: 24 | - introduced: 7d3591ee8a1a63e7748e68e6d880bd1763a32885 25 | - fixed: b949cc3ddfbeb1b3fba571fb53b186b645e66e9c 26 | ecosystem_specific: 27 | severity: MEDIUM 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/c-ares/OSV-2020-569.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-569 2 | summary: Null-dereference READ 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15388 5 | 6 | ``` 7 | Crash type: Null-dereference READ 8 | Crash state: 9 | NULL``` 10 | modified: '2022-04-13T03:04:36.385776Z' 11 | published: '2020-07-01T00:00:17.505856Z' 12 | references: 13 | - type: REPORT 14 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15388 15 | affected: 16 | - package: 17 | name: c-ares 18 | ecosystem: OSS-Fuzz 19 | ranges: 20 | - type: GIT 21 | repo: https://github.com/c-ares/c-ares.git 22 | events: 23 | - introduced: 7d3591ee8a1a63e7748e68e6d880bd1763a32885 24 | - fixed: 5dd3629bc93449840c36dd635ea6cce606b8c366 25 | versions: [] 26 | -------------------------------------------------------------------------------- /vulns/c-blosc/OSV-2020-762.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-762 2 | summary: Heap-buffer-overflow in blosclz_compress 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23794 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 1 8 | Crash state: 9 | blosclz_compress 10 | blosc_c 11 | do_job 12 | ``` 13 | modified: '2022-04-13T03:04:35.757590Z' 14 | published: '2020-07-09T00:00:22.344814Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23794 18 | affected: 19 | - package: 20 | name: c-blosc 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc.git 25 | events: 26 | - introduced: 01df770ec847013b52d70b3a41490a5b8b2cddbd 27 | - fixed: e3fdd3e506a23ec66d9f3fe2fe346e4a03b1787a 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/c-blosc/OSV-2021-1227.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1227 2 | summary: Heap-buffer-overflow in blosclz_compress 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38313 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 1 8 | Crash state: 9 | blosclz_compress 10 | blosc_c 11 | do_job 12 | ``` 13 | modified: '2022-04-13T03:04:35.752295Z' 14 | published: '2021-09-11T00:01:45.898877Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38313 18 | affected: 19 | - package: 20 | name: c-blosc 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc.git 25 | events: 26 | - introduced: cfa760c8ae8803111b5da55ea1fff65e1d8f80b8 27 | - fixed: 8f702156e8c9ecc8bbcbabfc0d8ee38bc294dddd 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2020-2087.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-2087 2 | summary: Heap-buffer-overflow in blosc_c 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 1 8 | Crash state: 9 | blosc_c 10 | do_job 11 | blosc_compress_context 12 | ``` 13 | modified: '2022-04-13T03:04:40.296793Z' 14 | published: '2020-10-19T00:00:42.021414Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: 2fe60549952b476d1229c7fe6d86e6c6e95de8d6 27 | - fixed: c4c6470e88210afc95262c8b9fcc27e30ca043ee 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-21.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-21 2 | summary: Segv on unknown address in frame_get_lazychunk 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29295 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | frame_get_lazychunk 10 | frame_decompress_chunk 11 | blosc2_schunk_decompress_chunk 12 | ``` 13 | modified: '2022-04-13T03:04:40.370168Z' 14 | published: '2021-01-07T00:00:16.593508Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29295 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: 7be72a8f72330c13eb51c0eb992bcb0f2a027038 27 | - fixed: c473b21cff5e1a459b4467f18bf7414114f848fd 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-221.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-221 2 | summary: Heap-buffer-overflow in blosc_d 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29816 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | blosc_d 10 | _blosc_getitem 11 | blosc_getitem 12 | ``` 13 | modified: '2022-04-13T03:04:40.260042Z' 14 | published: '2021-01-23T00:00:07.877858Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29816 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: c473b21cff5e1a459b4467f18bf7414114f848fd 27 | - fixed: 98bb9e682481b934f65db1bbd73bc2c3a41f2931 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-274.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-274 2 | summary: Memcpy-param-overlap in frame_get_metalayers 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30253 5 | 6 | ``` 7 | Crash type: Memcpy-param-overlap 8 | Crash state: 9 | frame_get_metalayers 10 | blosc2_frame_to_schunk 11 | fuzz_decompress_frame.c 12 | ``` 13 | modified: '2022-04-13T03:04:40.264956Z' 14 | published: '2021-02-05T00:00:01.412696Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30253 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: c473b21cff5e1a459b4467f18bf7414114f848fd 27 | - fixed: dd0e099a4cf51ec01064065778b1d3bfb314f201 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-366.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-366 2 | summary: Negative-size-param in frame_get_metalayers 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30748 5 | 6 | ``` 7 | Crash type: Negative-size-param 8 | Crash state: 9 | frame_get_metalayers 10 | frame_to_schunk 11 | blosc2_schunk_from_buffer 12 | ``` 13 | modified: '2022-04-13T03:04:40.473136Z' 14 | published: '2021-02-11T00:00:56.927906Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30748 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: c473b21cff5e1a459b4467f18bf7414114f848fd 27 | - fixed: 1f79b650f75becece4a5346f49f29bea71daa72c 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-369.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-369 2 | summary: Segv on unknown address in blosc_read_header 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30761 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | blosc_read_header 10 | blosc2_getitem_ctx 11 | blosc_getitem 12 | ``` 13 | modified: '2022-04-13T03:04:40.205415Z' 14 | published: '2021-02-11T00:01:00.831869Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30761 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: 57fca38a4f51687d71e451ae29df6b353764fb72 27 | - fixed: 5a222cc79dc67ce01477da3a3ee10edf1076c655 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-404.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-404 2 | summary: Segv on unknown address in blosc_read_header 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30974 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | blosc_read_header 10 | blosc2_getitem_ctx 11 | blosc_getitem 12 | ``` 13 | modified: '2022-04-13T03:04:40.311902Z' 14 | published: '2021-02-17T00:00:01.430223Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30974 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: 5a222cc79dc67ce01477da3a3ee10edf1076c655 27 | - fixed: 969fb4cbb617801876fb5ddefc73778935ff1a56 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-429.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-429 2 | summary: Heap-buffer-overflow in blosc_d 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31170 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | blosc_d 10 | _blosc_getitem 11 | blosc2_getitem_ctx 12 | ``` 13 | modified: '2022-04-13T03:04:40.451804Z' 14 | published: '2021-02-22T00:00:20.030600Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31170 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: 861ba79f31393dec0a0782ca11cf32cebb6f6610 27 | - fixed: cb44cf0fc82cf19efb002bba0eb5cc42e9527c3f 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-439.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-439 2 | summary: UNKNOWN READ in blosc_d 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31241 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | blosc_d 10 | do_job 11 | blosc_run_decompression_with_context 12 | ``` 13 | modified: '2022-04-13T03:04:40.316733Z' 14 | published: '2021-02-23T00:01:11.746887Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31241 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: 861ba79f31393dec0a0782ca11cf32cebb6f6610 27 | - fixed: cb44cf0fc82cf19efb002bba0eb5cc42e9527c3f 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-498.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-498 2 | summary: Invalid-free in frame_get_lazychunk 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31705 5 | 6 | ``` 7 | Crash type: Invalid-free 8 | Crash state: 9 | frame_get_lazychunk 10 | frame_decompress_chunk 11 | blosc2_schunk_decompress_chunk 12 | ``` 13 | modified: '2022-04-13T03:04:40.194958Z' 14 | published: '2021-03-06T00:01:00.285060Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31705 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: 79e921d904d46fc9edc292e02a48f1aa54567a7d 27 | - fixed: 1a79d783cc791faf12fa9f6f6f92c26fb8be4967 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-639.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-639 2 | summary: Heap-buffer-overflow in blosc_d 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33264 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ {*} 8 | Crash state: 9 | blosc_d 10 | _blosc_getitem 11 | blosc2_getitem_ctx 12 | ``` 13 | modified: '2022-04-13T03:04:40.190058Z' 14 | published: '2021-04-16T00:00:26.662778Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33264 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: d1ea514286c47433dabcf47b11cf81d2248ca5bf 27 | - fixed: 4a727370b1c2e9746434c00bf2236db86c31ea5c 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/c-blosc2/OSV-2021-7.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-7 2 | summary: UNKNOWN READ in blosc_d 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29171 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | blosc_d 10 | do_job 11 | blosc_run_decompression_with_context 12 | ``` 13 | modified: '2022-04-13T03:04:40.332895Z' 14 | published: '2021-01-04T00:00:03.424286Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29171 18 | affected: 19 | - package: 20 | name: c-blosc2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/Blosc/c-blosc2.git 25 | events: 26 | - introduced: cb15f1b2904c0c4087bb5422cf18a7091fc5ac82 27 | - fixed: df2bff1dac30f19e4c4625af533fc46535d00e18 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/curl/OSV-2020-600.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-600 2 | summary: Use-of-uninitialized-value in dprintf_formatf 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16699 5 | 6 | ``` 7 | Crash type: Use-of-uninitialized-value 8 | Crash state: 9 | dprintf_formatf 10 | curl_mvsnprintf 11 | curl_msnprintf 12 | ``` 13 | modified: '2022-04-13T03:04:42.862628Z' 14 | published: '2020-07-01T00:00:19.594728Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16699 18 | affected: 19 | - package: 20 | name: curl 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/curl/curl.git 25 | events: 26 | - introduced: 0a5d28fa2ec872de55c8d3f3b62675f17ca9cd45 27 | - fixed: 84ced9389e1a7f576812e0675b37056331c4dbcd 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/dav1d/OSV-2020-137.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-137 2 | summary: UNKNOWN READ in dav1d_resize_ssse3 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21547 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | dav1d_resize_ssse3 10 | ``` 11 | modified: '2022-04-13T03:04:39.843682Z' 12 | published: '2020-06-24T01:51:15.781691Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21547 16 | affected: 17 | - package: 18 | name: dav1d 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://code.videolan.org/videolan/dav1d.git 23 | events: 24 | - introduced: 9e36b9b00122364cf9391380c336595d7dc6e957 25 | - fixed: 41cd4199f149760a4d16326342d646b2eb66e8b0 26 | ecosystem_specific: 27 | severity: MEDIUM 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/dav1d/OSV-2021-1231.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1231 2 | summary: Heap-buffer-overflow in padding 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38439 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ {*} 8 | Crash state: 9 | padding 10 | sgr_mix_c 11 | lr_stripe 12 | ``` 13 | modified: '2022-04-13T03:04:39.801760Z' 14 | published: '2021-09-12T00:00:14.393392Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38439 18 | affected: 19 | - package: 20 | name: dav1d 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://code.videolan.org/videolan/dav1d.git 25 | events: 26 | - introduced: e53314177a5a45a1c1c907464b19ade625d110a6 27 | - fixed: 69ff474a7f3a7ccc61c5e6881e45e0afe693f352 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/dovecot/OSV-2020-843.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-843 2 | summary: Heap-buffer-overflow in uni_utf8_get_char_n 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23513 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | uni_utf8_get_char_n 10 | smtp_command_parse_parameters 11 | smtp_command_parse_line 12 | ``` 13 | modified: '2022-04-13T03:04:33.892730Z' 14 | published: '2020-07-14T22:13:42.180708Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23513 18 | affected: 19 | - package: 20 | name: dovecot 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/dovecot/core 25 | events: 26 | - introduced: f5befde9939b105b490cd475df380c3220275bb6 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/dovecot/OSV-2020-880.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-880 2 | summary: Heap-buffer-overflow in smtp_command_parse_line 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23514 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | smtp_command_parse_line 10 | smtp_command_parse 11 | smtp_command_parse_next 12 | ``` 13 | modified: '2022-04-13T03:04:33.897659Z' 14 | published: '2020-07-14T22:13:57.514686Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23514 18 | affected: 19 | - package: 20 | name: dovecot 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/dovecot/core 25 | events: 26 | - introduced: f5befde9939b105b490cd475df380c3220275bb6 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/espeak-ng/OSV-2021-1110.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1110 2 | summary: Stack-buffer-overflow in TranslateWord2 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36932 5 | 6 | ``` 7 | Crash type: Stack-buffer-overflow WRITE 1 8 | Crash state: 9 | TranslateWord2 10 | TranslateClause 11 | SpeakNextClause 12 | ``` 13 | modified: '2024-12-12T14:06:37.193883Z' 14 | published: '2021-08-08T00:02:17.026887Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36932 18 | affected: 19 | - package: 20 | name: espeak-ng 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/espeak-ng/espeak-ng 25 | events: 26 | - introduced: 0a713d52bbf3e061823d1a7f35e5303e7320f27a 27 | versions: 28 | - '1.51' 29 | - 1.51.1 30 | - 1.52.0 31 | ecosystem_specific: 32 | severity: HIGH 33 | -------------------------------------------------------------------------------- /vulns/file/OSV-2016-1.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2016-1 2 | summary: UNKNOWN READ in mprint 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=282 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | mprint 10 | match 11 | file_softmagic 12 | ``` 13 | modified: '2022-04-13T03:04:30.875874Z' 14 | published: '2021-01-13T21:56:22.388453Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=282 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: c8ef8f414952634d217b2b5e19d38b92d0341bc2 27 | - fixed: a317154a5acbdcc82db79063742481ce83abafe7 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/file/OSV-2016-2.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2016-2 2 | summary: UNKNOWN READ in file_regexec 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=283 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | file_regexec 10 | magiccheck 11 | match 12 | ``` 13 | modified: '2022-04-13T03:04:30.860493Z' 14 | published: '2021-01-13T21:57:40.577225Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=283 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: c8ef8f414952634d217b2b5e19d38b92d0341bc2 27 | - fixed: 8c16c9e3c9a82f859c3ed47c34c14eea6a3d7b18 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/file/OSV-2016-6.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2016-6 2 | summary: UNKNOWN READ in mprint 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=144 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | mprint 10 | match 11 | file_softmagic 12 | ``` 13 | modified: '2022-04-13T03:04:30.786861Z' 14 | published: '2021-01-15T05:22:02.070395Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=144 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: 8a667072e65294efa6a7b7d9a3bc417e145e0aea 27 | - fixed: 8a667072e65294efa6a7b7d9a3bc417e145e0aea 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/file/OSV-2016-7.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2016-7 2 | summary: Heap-buffer-overflow in mcopy 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=153 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | mcopy 10 | mget 11 | match 12 | ``` 13 | modified: '2022-04-13T03:04:30.792444Z' 14 | published: '2021-01-15T05:22:13.068Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=153 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: 583b3c262f0797ab4e7062e029003dde162b82ab 27 | - fixed: 8f3da601845253629efdda72f9341ed9762b3f2d 28 | versions: 29 | - FILE5_29 30 | ecosystem_specific: 31 | severity: MEDIUM 32 | -------------------------------------------------------------------------------- /vulns/file/OSV-2017-52.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2017-52 2 | summary: Use-of-uninitialized-value in mcopy 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2242 5 | 6 | ``` 7 | Crash type: Use-of-uninitialized-value 8 | Crash state: 9 | mcopy 10 | mget 11 | match 12 | ``` 13 | modified: '2022-04-13T03:04:30.821252Z' 14 | published: '2021-01-13T21:56:15.043847Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2242 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: 1562e15149268477b395ec71309d13f8be99a83b 27 | - fixed: 55cb70a24a58fc73b7a2b9d1b2a49845668342cc 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/file/OSV-2018-15.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-15 2 | summary: Heap-buffer-overflow in json_parse_string 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9922 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | json_parse_string 10 | json_parse 11 | json_parse_array 12 | ``` 13 | modified: '2022-04-13T03:04:30.805121Z' 14 | published: '2021-01-13T00:00:06.229450Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9922 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: 3077baa14978e8c7cd9b41991bbcda9190527ee6 27 | - fixed: 87f27958cfbb05d262504976f66db70c24d5061f 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/file/OSV-2018-18.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-18 2 | summary: Heap-buffer-overflow in json_parse_object 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9847 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | json_parse_object 10 | json_parse 11 | file_is_json 12 | ``` 13 | modified: '2022-04-13T03:04:30.897105Z' 14 | published: '2021-01-13T00:00:06.806298Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9847 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: 3077baa14978e8c7cd9b41991bbcda9190527ee6 27 | - fixed: 473e039b48fd72660dd00f4b52a2880cc0dd5632 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/file/OSV-2020-184.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-184 2 | summary: Heap-buffer-overflow in file_strncmp 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23044 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 13 8 | Crash state: 9 | file_strncmp 10 | magiccheck 11 | match 12 | ``` 13 | modified: '2022-04-13T03:04:30.870815Z' 14 | published: '2020-06-24T01:51:17.908691Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23044 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: 020876142969029eefc7a52d5545d0475203c472 27 | - fixed: 3c6b51d4a1f5682f8144fef1553b0357d3d83aaf 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/file/OSV-2020-190.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-190 2 | summary: Use-of-uninitialized-value in file_vprintf 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20729 5 | 6 | ``` 7 | Crash type: Use-of-uninitialized-value 8 | Crash state: 9 | file_vprintf 10 | file_printf 11 | file_buffer 12 | ``` 13 | modified: '2022-04-13T03:04:30.848993Z' 14 | published: '2020-06-24T01:51:18.178456Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20729 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: 0717383f58e5737cc4aa28446f5a8839d484caf4 27 | - fixed: 4f1887eb56f4abdf448274afc5abdc8f9d078929 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/file/OSV-2020-535.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-535 2 | summary: Heap-buffer-overflow in looks_ucs32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13222 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | looks_ucs32 10 | file_encoding 11 | file_buffer 12 | ``` 13 | modified: '2022-04-13T03:04:30.865616Z' 14 | published: '2020-07-01T00:00:15.186923Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13222 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: f0a26da7b371127e4460cc6d2da1b410c3d85ad9 27 | - fixed: ecca6e54f49f251bb4c16fe145d04c2b45923dc3 28 | versions: 29 | - FILE5_36 30 | ecosystem_specific: 31 | severity: MEDIUM 32 | -------------------------------------------------------------------------------- /vulns/file/OSV-2020-97.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-97 2 | summary: Use-of-uninitialized-value in file_vprintf 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20702 5 | 6 | ``` 7 | Crash type: Use-of-uninitialized-value 8 | Crash state: 9 | file_vprintf 10 | file_printf 11 | mget 12 | ``` 13 | modified: '2022-04-13T03:04:30.886577Z' 14 | published: '2020-06-24T01:51:13.931038Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20702 18 | affected: 19 | - package: 20 | name: file 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/file/file.git 25 | events: 26 | - introduced: 0717383f58e5737cc4aa28446f5a8839d484caf4 27 | - fixed: 4f1887eb56f4abdf448274afc5abdc8f9d078929 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/fluent-bit/OSV-2020-2132.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-2132 2 | summary: Heap-buffer-overflow in flb_gzip_compress 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27261 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 1 8 | Crash state: 9 | flb_gzip_compress 10 | utils_fuzzer.c 11 | ``` 12 | modified: '2022-04-13T03:04:38.279749Z' 13 | published: '2020-11-08T00:00:02.510551Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27261 17 | affected: 18 | - package: 19 | name: fluent-bit 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/fluent/fluent-bit/ 24 | events: 25 | - introduced: 9ef04be94ca1ce1275ba9e7adb9eeccbe9156580 26 | - fixed: cadff53c093210404aed01c4cf586adb8caa07af 27 | ecosystem_specific: 28 | severity: HIGH 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/fluent-bit/OSV-2020-2139.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-2139 2 | summary: Heap-double-free in flb_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27025 5 | 6 | ``` 7 | Crash type: Heap-double-free 8 | Crash state: 9 | flb_free 10 | flb_sds_destroy 11 | flb_kv_item_destroy 12 | ``` 13 | modified: '2022-04-13T03:04:38.261902Z' 14 | published: '2020-11-08T00:00:50.376469Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27025 18 | affected: 19 | - package: 20 | name: fluent-bit 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/fluent/fluent-bit/ 25 | events: 26 | - introduced: e5289e606c4b55b0fac29046c8343958248189e7 27 | - fixed: d67f28b5b28253ff1d0732c79762bda2a12e207b 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/frr/OSV-2021-1127.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1127 2 | summary: Heap-use-after-free in zebra_nhg_hash_equal 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37164 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 4 8 | Crash state: 9 | zebra_nhg_hash_equal 10 | hash_get 11 | hash_lookup 12 | ``` 13 | modified: '2022-04-13T03:04:35.559279Z' 14 | published: '2021-08-15T00:00:44.029276Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37164 18 | affected: 19 | - package: 20 | name: frr 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/FRRouting/frr 25 | events: 26 | - introduced: f4b9fde3e7be9bcb854ae2a8680ecd67b07fdd82 27 | - fixed: 3f3348e5251554d05bd4c7b0aaaeffeb845fb74a 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/frr/OSV-2023-764.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2023-764 2 | summary: Heap-buffer-overflow in pim_pim_packet 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61854 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 2 8 | Crash state: 9 | pim_pim_packet 10 | pim_main.c 11 | ``` 12 | modified: '2023-08-30T14:00:10.026257Z' 13 | published: '2023-08-30T14:00:10.025963Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61854 17 | affected: 18 | - package: 19 | name: frr 20 | ecosystem: OSS-Fuzz 21 | purl: pkg:generic/frr 22 | ecosystem_specific: 23 | severity: MEDIUM 24 | versions: [] 25 | schema_version: 1.4.0 26 | -------------------------------------------------------------------------------- /vulns/ghostscript/OSV-2021-1708.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1708 2 | summary: UNKNOWN READ in chunk_free_object 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42491 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | chunk_free_object 10 | pdfi_close_file 11 | pdfi_dereference 12 | ``` 13 | modified: '2022-04-13T03:04:34.625998Z' 14 | published: '2021-12-17T00:00:37.940202Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42491 18 | affected: 19 | - package: 20 | name: ghostscript 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://git.ghostscript.com/ghostpdl.git 25 | events: 26 | - introduced: 624ef6ae4bb802dff156681a1616c6a65fca39c1 27 | - fixed: 3ce8214d8fc77be42eb6ad618c972113d4cb0d24 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/ghostscript/OSV-2021-1715.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1715 2 | summary: Segv on unknown address in sreadbuf 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42489 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | sreadbuf 10 | spgetcc 11 | sgets 12 | ``` 13 | modified: '2022-04-13T03:04:34.581222Z' 14 | published: '2021-12-18T00:01:42.169089Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42489 18 | affected: 19 | - package: 20 | name: ghostscript 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://git.ghostscript.com/ghostpdl.git 25 | events: 26 | - introduced: 6a4847cd2566e8446753fd0ba17fe2f42c6e0315 27 | - fixed: 4107288ebb23d418ff5c1a9d40c48a4f00950193 28 | ecosystem_specific: 29 | severity: null 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/ghostscript/OSV-2021-1726.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1726 2 | summary: UNKNOWN READ in pdfi_dereference 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42616 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | pdfi_dereference 10 | pdfi_deref_loop_detect 11 | pdfi_dict_get 12 | ``` 13 | modified: '2022-04-13T03:04:34.481346Z' 14 | published: '2021-12-20T00:02:16.104976Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42616 18 | affected: 19 | - package: 20 | name: ghostscript 21 | ecosystem: OSS-Fuzz 22 | ecosystem_specific: 23 | severity: MEDIUM 24 | versions: [] 25 | -------------------------------------------------------------------------------- /vulns/ghostscript/OSV-2021-1728.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1728 2 | summary: UNKNOWN READ in pdfi_dict_get 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42687 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | pdfi_dict_get 10 | pdfi_dict_get_int 11 | pdfi_read_bare_object 12 | ``` 13 | modified: '2022-04-13T03:04:34.843778Z' 14 | published: '2021-12-21T00:00:40.650047Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42687 18 | affected: 19 | - package: 20 | name: ghostscript 21 | ecosystem: OSS-Fuzz 22 | ecosystem_specific: 23 | severity: MEDIUM 24 | versions: [] 25 | -------------------------------------------------------------------------------- /vulns/ghostscript/OSV-2022-80.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-80 2 | summary: Null-dereference READ in gstate_clone_core 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43989 5 | 6 | ``` 7 | Crash type: Null-dereference READ 8 | Crash state: 9 | gstate_clone_core 10 | gs_gsave 11 | gs_output_page 12 | ``` 13 | modified: '2022-04-13T03:04:34.647038Z' 14 | published: '2022-01-24T00:00:19.630777Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43989 18 | affected: 19 | - package: 20 | name: ghostscript 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/ghostscript 23 | ecosystem_specific: 24 | severity: null 25 | versions: [] 26 | schema_version: 1.2.0 27 | -------------------------------------------------------------------------------- /vulns/glib/OSV-2020-2253.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-2253 2 | summary: Global-buffer-overflow in g_date_time_get_ymd 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28477 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 2 8 | Crash state: 9 | g_date_time_get_ymd 10 | g_date_time_get_year 11 | g_date_time_format_utf8 12 | ``` 13 | modified: '2022-04-13T03:04:32.557673Z' 14 | published: '2020-12-10T00:00:08.953434Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28477 18 | affected: 19 | - package: 20 | name: glib 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://gitlab.gnome.org/GNOME/glib 25 | events: 26 | - introduced: ec330e50cf0ea3a003290d874f803892cfd64290 27 | - fixed: c3805d74ba4c46aacf9470646fdecdcba68e11d0 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/glib/OSV-2020-741.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-741 2 | summary: Heap-buffer-overflow in uri_decoder 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23815 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | uri_decoder 10 | uri_decode 11 | g_uri_parse_params 12 | ``` 13 | modified: '2022-04-13T03:04:32.487072Z' 14 | published: '2020-07-04T00:00:01.437763Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23815 18 | affected: 19 | - package: 20 | name: glib 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://gitlab.gnome.org/GNOME/glib 25 | events: 26 | - introduced: 44524b9daa622058e3e55617b9b0d4c986e3b8b3 27 | - fixed: f9d165add1342ecae6cdde1b95e9ce63320768dd 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/glib/OSV-2020-743.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-743 2 | summary: Heap-buffer-overflow in uri_decoder 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23818 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | uri_decoder 10 | g_uri_unescape_bytes 11 | fuzz_uri_escape.c 12 | ``` 13 | modified: '2022-04-13T03:04:32.504752Z' 14 | published: '2020-07-04T00:00:01.814357Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23818 18 | affected: 19 | - package: 20 | name: glib 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://gitlab.gnome.org/GNOME/glib 25 | events: 26 | - introduced: 44524b9daa622058e3e55617b9b0d4c986e3b8b3 27 | - fixed: 15bf2ddaf5cfae484f714ebb9f0895a79959f29e 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/gnupg/OSV-2020-568.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-568 2 | summary: Heap-use-after-free in proc_plaintext 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13730 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 4 8 | Crash state: 9 | proc_plaintext 10 | do_proc_packets 11 | proc_signature_packets 12 | ``` 13 | modified: '2022-04-13T03:04:32.464454Z' 14 | published: '2020-07-01T00:00:17.473815Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13730 18 | affected: 19 | - package: 20 | name: gnupg 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://git.gnupg.org/gnupg.git 25 | events: 26 | - introduced: 01c87d4ce23bc9fc44ec5301c2c6bf2ce615c375 27 | - fixed: 3e1f3df6183b2ed2cadf2af2383063891e2c53bd 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/grok/OSV-2023-689.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2023-689 2 | summary: Use-of-uninitialized-value 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61380 5 | 6 | ``` 7 | Crash type: Use-of-uninitialized-value 8 | Crash state: 9 | NULL``` 10 | modified: '2023-08-12T14:02:14.531027Z' 11 | published: '2023-08-12T14:02:14.530750Z' 12 | references: 13 | - type: REPORT 14 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61380 15 | affected: 16 | - package: 17 | name: grok 18 | ecosystem: OSS-Fuzz 19 | purl: pkg:generic/grok 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/GrokImageCompression/grok.git 23 | events: 24 | - introduced: 39670926d0334190a31e3a2526137d97440973e3 25 | - fixed: 6a364d7d81e07a9fdbdce74f27803288158d7a49 26 | ecosystem_specific: 27 | severity: MEDIUM 28 | versions: [] 29 | schema_version: 1.6.0 30 | -------------------------------------------------------------------------------- /vulns/h2o/OSV-2021-1120.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1120 2 | summary: Heap-use-after-free in on_body 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37023 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 1 8 | Crash state: 9 | on_body 10 | req_body_send_complete 11 | run_socket 12 | ``` 13 | modified: '2022-04-13T03:04:35.151574Z' 14 | published: '2021-08-11T00:01:35.546323Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37023 18 | affected: 19 | - package: 20 | name: h2o 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/h2o/h2o 25 | events: 26 | - introduced: 658d4548bcaa253e3f941e67b928d12b8a2a98b8 27 | - fixed: 38774e5aa18090f34a8c0b6010dcaebd9fdd8b62 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/haproxy/OSV-2020-745.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-745 2 | summary: Heap-buffer-overflow in memvprintf 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23715 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | memvprintf 10 | print_message 11 | ha_alert 12 | ``` 13 | modified: '2022-04-13T03:04:30.917892Z' 14 | published: '2020-07-04T00:00:02.054678Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23715 18 | affected: 19 | - package: 20 | name: haproxy 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/haproxy/haproxy 25 | events: 26 | - introduced: f3d2c6d706492018d83d151aa18e1f4f0d415ed7 27 | - fixed: 07d47060e0d99d0884440c3fa55ef2a338987769 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/haproxy/OSV-2020-751.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-751 2 | summary: Heap-buffer-overflow in readcfgfile 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23653 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 1 8 | Crash state: 9 | readcfgfile 10 | fuzz_cfg_parser.c 11 | ``` 12 | modified: '2022-04-13T03:04:30.912816Z' 13 | published: '2020-07-04T00:00:14.603582Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23653 17 | affected: 18 | - package: 19 | name: haproxy 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/haproxy/haproxy 24 | events: 25 | - introduced: 88403266e5c38b5fbe278a25304cbdc735ae50fe 26 | - fixed: 08488f66b6028761d8eb60a3bddb9aa080a2af4a 27 | ecosystem_specific: 28 | severity: HIGH 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/htslib/OSV-2020-1733.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1733 2 | summary: Heap-buffer-overflow in le_to_u32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25533 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | le_to_u32 10 | le_to_i32 11 | bcf_dec_typed_int1_safe 12 | ``` 13 | modified: '2022-04-13T03:04:32.360821Z' 14 | published: '2020-09-11T00:01:15.355070Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25533 18 | affected: 19 | - package: 20 | name: htslib 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/samtools/htslib.git 25 | events: 26 | - introduced: 3ac8a04f8f6071be0901a9ddcda296f58b2bcf0c 27 | - fixed: 8bab82bdb8c2613e1ca7bd5573d7c12117a2dc02 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/htslib/OSV-2021-231.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-231 2 | summary: Heap-buffer-overflow in int32_get_blk 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29855 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | int32_get_blk 10 | cram_read_SAM_hdr 11 | cram_dopen 12 | ``` 13 | modified: '2022-04-13T03:04:32.301338Z' 14 | published: '2021-01-24T00:00:23.631012Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29855 18 | affected: 19 | - package: 20 | name: htslib 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/samtools/htslib.git 25 | events: 26 | - introduced: 0d1971cbebb269d90a563464e4f56987290e20ab 27 | - fixed: 90fef7300c75ca6b8834da0dcb710e27d599324e 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/icu/OSV-2020-584.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-584 2 | summary: Heap-buffer-overflow in collator_compare_fuzzer.cpp 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15499 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 3 8 | Crash state: 9 | collator_compare_fuzzer.cpp 10 | ``` 11 | modified: '2022-04-13T03:04:34.102345Z' 12 | published: '2020-07-01T00:00:18.401815Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15499 16 | affected: 17 | - package: 18 | name: icu 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/unicode-org/icu.git 23 | events: 24 | - introduced: 6e5755a2a833bc64852eae12967d0a54d7adf629 25 | - fixed: c43455749b914feef56b178b256f29b3016146eb 26 | ecosystem_specific: 27 | severity: HIGH 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/icu/OSV-2024-7.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2024-7 2 | summary: Heap-buffer-overflow in icu_75::Locale::Locale 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65534 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | icu_75::Locale::Locale 10 | plurrule_fuzzer.cpp 11 | ``` 12 | modified: '2024-01-07T00:11:45.065397Z' 13 | published: '2024-01-07T00:11:45.064745Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65534 17 | affected: 18 | - package: 19 | name: icu 20 | ecosystem: OSS-Fuzz 21 | purl: pkg:generic/icu 22 | ecosystem_specific: 23 | severity: HIGH 24 | versions: [] 25 | schema_version: 1.6.0 26 | -------------------------------------------------------------------------------- /vulns/irssi/OSV-2020-299.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-299 2 | summary: Bad-free in sig_destroyed 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17160 5 | 6 | ``` 7 | Crash type: Bad-free 8 | Crash state: 9 | sig_destroyed 10 | signal_emit_real 11 | signal_emit 12 | ``` 13 | modified: '2022-04-13T03:04:33.978934Z' 14 | published: '2020-06-30T00:00:47.672996Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17160 18 | affected: 19 | - package: 20 | name: irssi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/irssi/irssi 25 | events: 26 | - introduced: e36d6b9b8c1266f9786bbb3c197f32f208f8aaeb 27 | - fixed: ed65499d76daac352d76ae0f30e36f3feb623174 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/irssi/OSV-2021-664.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-664 2 | summary: Heap-use-after-free in module_check_cast 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33444 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 4 8 | Crash state: 9 | module_check_cast 10 | server_connect_unref 11 | server_unref 12 | ``` 13 | modified: '2022-04-13T03:04:33.973965Z' 14 | published: '2021-04-21T00:00:14.547847Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33444 18 | affected: 19 | - package: 20 | name: irssi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/irssi/irssi 25 | events: 26 | - introduced: 2a0f1d7636a9fd941fbb04f52fe9c23b3263406a 27 | - fixed: 3dbfac5699c6887b7149a0b1c805c4730f63d0f4 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/jq/OSV-2024-396.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2024-396 2 | summary: UNKNOWN READ in jvp_object_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65942 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | jvp_object_free 10 | jv_free 11 | jv_equal 12 | ``` 13 | modified: '2025-06-01T14:15:28.419159Z' 14 | published: '2024-05-01T00:11:24.552935Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65942 18 | affected: 19 | - package: 20 | name: jq 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/jq 23 | ranges: 24 | - type: GIT 25 | repo: https://github.com/jqlang/jq 26 | events: 27 | - introduced: 5029328d35f3e60037970d27f350a742af41aa02 28 | versions: 29 | - jq-1.7.1 30 | - jq-1.8.0 31 | ecosystem_specific: 32 | severity: MEDIUM 33 | schema_version: 1.6.0 34 | -------------------------------------------------------------------------------- /vulns/jq/OSV-2024-440.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2024-440 2 | summary: UNKNOWN READ 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66323 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | NULL``` 10 | modified: '2025-06-01T14:15:37.186758Z' 11 | published: '2024-05-07T00:06:11.033336Z' 12 | references: 13 | - type: REPORT 14 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66323 15 | affected: 16 | - package: 17 | name: jq 18 | ecosystem: OSS-Fuzz 19 | purl: pkg:generic/jq 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/jqlang/jq 23 | events: 24 | - introduced: 5029328d35f3e60037970d27f350a742af41aa02 25 | versions: 26 | - jq-1.7.1 27 | - jq-1.8.0 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | schema_version: 1.6.0 31 | -------------------------------------------------------------------------------- /vulns/json-c/OSV-2020-252.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-252 2 | summary: Global-buffer-overflow in json_tokener_parse_ex 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23619 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 4 8 | Crash state: 9 | json_tokener_parse_ex 10 | tokener_parse_ex_fuzzer.cc 11 | ``` 12 | modified: '2022-04-13T03:04:37.689323Z' 13 | published: '2020-06-26T00:00:11.383919Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23619 17 | affected: 18 | - package: 19 | name: json-c 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/json-c/json-c.git 24 | events: 25 | - introduced: da76ee26e7977cc4d796ed8c7e263d95cd94a199 26 | - fixed: 36118b681ea3b8e99735beee73cbd25a63e942cd 27 | versions: [] 28 | -------------------------------------------------------------------------------- /vulns/kamailio/OSV-2021-1201.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1201 2 | summary: Heap-buffer-overflow in q_memchr 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38065 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | q_memchr 10 | parse_quoted_param 11 | parse_param_body 12 | ``` 13 | modified: '2022-04-13T03:04:37.747979Z' 14 | published: '2021-09-05T00:00:46.108630Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38065 18 | affected: 19 | - package: 20 | name: kamailio 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/kamailio/kamailio 25 | events: 26 | - introduced: 199f13a7dfac8cd817850c6a6afe5ba510835418 27 | - fixed: 20db418f1e35f31d7a90d7cabbd22ae989b7266c 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/lcms/OSV-2021-1680.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1680 2 | summary: Global-buffer-overflow in InStringSymbol 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42227 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow WRITE {*} 8 | Crash state: 9 | InStringSymbol 10 | InSymbol 11 | ParseIT8 12 | ``` 13 | modified: '2022-04-13T03:04:33.902662Z' 14 | published: '2021-12-13T00:01:45.105861Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42227 18 | affected: 19 | - package: 20 | name: lcms 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mm2/Little-CMS.git 25 | events: 26 | - introduced: 1c667a762c4272ec970a2dd6f945836c52f35720 27 | - fixed: 32d19328855dd599bf7f15dcfd5fafd6f87fb0d5 28 | ecosystem_specific: 29 | severity: null 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libarchive/OSV-2020-487.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-487 2 | summary: UNKNOWN READ in crc32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15278 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | crc32 10 | update_crc 11 | push_data_ready 12 | ``` 13 | modified: '2022-04-13T03:04:41.162898Z' 14 | published: '2020-07-01T00:00:12.477818Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15278 18 | affected: 19 | - package: 20 | name: libarchive 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libarchive/libarchive.git 25 | events: 26 | - introduced: 4bd12b6f40cb4413c8970c52f15f3b6885b5e32f 27 | - fixed: 47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7 28 | versions: 29 | - v3.4.0 30 | ecosystem_specific: 31 | severity: MEDIUM 32 | -------------------------------------------------------------------------------- /vulns/libarchive/OSV-2020-628.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-628 2 | summary: UNKNOWN READ in copy_string 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15482 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | copy_string 10 | do_uncompress_block 11 | process_block 12 | ``` 13 | modified: '2022-04-13T03:04:41.221723Z' 14 | published: '2020-07-01T00:00:21.328353Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15482 18 | affected: 19 | - package: 20 | name: libarchive 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libarchive/libarchive.git 25 | events: 26 | - introduced: 47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7 27 | - fixed: b625b17e6fd6e89b2f54236b402ccd3722ace2bb 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libass/OSV-2021-442.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-442 2 | summary: Heap-buffer-overflow in fnv_32a_buf 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31301 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | fnv_32a_buf 10 | font_hash 11 | ass_cache_get 12 | ``` 13 | modified: '2022-04-13T03:04:30.615610Z' 14 | published: '2021-02-24T00:00:23.135123Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31301 18 | affected: 19 | - package: 20 | name: libass 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libass/libass.git 25 | events: 26 | - introduced: 82b225b3d6653091d028b39d561d185ed76a7be5 27 | - fixed: 8f987713dd0fa791c5c511c13bb27021fa653fb0 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libbpf/OSV-2021-1489.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1489 2 | summary: UNKNOWN READ in __bpf_object__open 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40317 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | __bpf_object__open 10 | bpf_object__open_mem 11 | bpf-object-fuzzer.c 12 | ``` 13 | modified: '2022-04-13T03:04:36.763265Z' 14 | published: '2021-10-26T00:01:29.852624Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40317 18 | affected: 19 | - package: 20 | name: libbpf 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libbpf/libbpf 25 | events: 26 | - introduced: d7982f3948552963e009c06f4ed42c376934bc62 27 | - fixed: 36cc591ac8a7b390249c4f3afcef21b8c9c6c76f 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libcbor/OSV-2020-105.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-105 2 | summary: Segv on unknown address in cbor_typeof 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21387 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | cbor_typeof 10 | _cbor_nested_describe 11 | _cbor_nested_describe 12 | ``` 13 | modified: '2022-04-13T03:04:41.481665Z' 14 | published: '2020-06-24T01:51:14.307336Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21387 18 | affected: 19 | - package: 20 | name: libcbor 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/PJK/libcbor 25 | events: 26 | - introduced: 6e6050e9ca2a898de1c6b0f3babadb745b5047da 27 | - fixed: 3bfb7acb29d9812ffe8085af77c7fac72f76d33a 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libcbor/OSV-2020-88.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-88 2 | summary: Segv on unknown address in cbor_decref 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21386 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | cbor_decref 10 | cbor_decref 11 | cbor_load 12 | ``` 13 | modified: '2022-04-13T03:04:41.486347Z' 14 | published: '2020-06-24T01:51:13.521395Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21386 18 | affected: 19 | - package: 20 | name: libcbor 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/PJK/libcbor 25 | events: 26 | - introduced: 6e6050e9ca2a898de1c6b0f3babadb745b5047da 27 | - fixed: 3bfb7acb29d9812ffe8085af77c7fac72f76d33a 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libcoap/OSV-2021-450.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-450 2 | summary: Global-buffer-overflow in coap_pdu_parse_opt 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31479 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow WRITE 1 8 | Crash state: 9 | coap_pdu_parse_opt 10 | coap_pdu_parse 11 | ``` 12 | modified: '2022-04-13T03:04:42.402386Z' 13 | published: '2021-02-28T00:00:03.278436Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31479 17 | affected: 18 | - package: 19 | name: libcoap 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/obgm/libcoap.git 24 | events: 25 | - introduced: 757ca19cd0b7612b17ce05f6dcad6e02e4b7e497 26 | - fixed: f930b0ad5bc73689d4b63d3742f39d6ff49197a9 27 | versions: [] 28 | -------------------------------------------------------------------------------- /vulns/libgit2/OSV-2018-104.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-104 2 | summary: Heap-buffer-overflow in git__strntol64 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11382 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | git__strntol64 10 | git__strntol32 11 | parse_mode 12 | ``` 13 | modified: '2022-04-13T03:04:35.183028Z' 14 | published: '2021-01-13T00:00:45.886374Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11382 18 | affected: 19 | - package: 20 | name: libgit2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libgit2/libgit2 25 | events: 26 | - introduced: 7fafec0e53f8711b73912d46b43451c599aeceb3 27 | - fixed: 4209a5125802e714a6342a74ff0835c5c4a2397d 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libgit2/OSV-2018-177.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-177 2 | summary: Heap-buffer-overflow in prefixcmp 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11007 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | prefixcmp 10 | git__prefixcmp 11 | git_commit__parse_raw 12 | ``` 13 | modified: '2022-04-13T03:04:35.193285Z' 14 | published: '2021-01-13T00:01:13.296112Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11007 18 | affected: 19 | - package: 20 | name: libgit2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libgit2/libgit2 25 | events: 26 | - introduced: a1d5fd0630c6f7e3ac23bc9e13ba33901dfddba4 27 | - fixed: cb23c3efd22d34db279ceb39cc312473761db5ed 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libgit2/OSV-2018-2.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-2 2 | summary: Heap-buffer-overflow in git_buf_vprintf 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11004 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 13 8 | Crash state: 9 | git_buf_vprintf 10 | giterr_set 11 | git__strntol32 12 | ``` 13 | modified: '2022-04-13T03:04:35.213787Z' 14 | published: '2021-01-12T06:20:27.447382Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11004 18 | affected: 19 | - package: 20 | name: libgit2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libgit2/libgit2 25 | events: 26 | - introduced: a1d5fd0630c6f7e3ac23bc9e13ba33901dfddba4 27 | - fixed: bea65980c7a42e34edfafbdc40b199ba7b2a564e 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libgit2/OSV-2018-58.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-58 2 | summary: Heap-buffer-overflow in tag_parse 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10999 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 2 8 | Crash state: 9 | tag_parse 10 | git_tag__parse_raw 11 | git_object__from_raw 12 | ``` 13 | modified: '2022-04-13T03:04:35.203520Z' 14 | published: '2021-01-13T00:00:29.755710Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10999 18 | affected: 19 | - package: 20 | name: libgit2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libgit2/libgit2 25 | events: 26 | - introduced: a1d5fd0630c6f7e3ac23bc9e13ba33901dfddba4 27 | - fixed: ee11d47e3d907b66eeff99e0ba1e1c71e05164b7 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libhtp/OSV-2020-673.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-673 2 | summary: UNKNOWN WRITE in htp_connp_res_buffer 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19323 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | htp_connp_res_buffer 10 | htp_connp_RES_LINE 11 | htp_connp_res_data 12 | ``` 13 | modified: '2022-04-13T03:04:40.499085Z' 14 | published: '2020-07-01T00:00:23.898100Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19323 18 | affected: 19 | - package: 20 | name: libhtp 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/OISF/libhtp.git 25 | events: 26 | - introduced: d01949a3984c2b5ba20260b0766abe8b201c1c76 27 | - fixed: 234431b6f32ff2ef25e0e3ec482afe19a1f4e299 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libhtp/OSV-2021-159.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-159 2 | summary: UNKNOWN READ in htp_connp_RES_FINALIZE 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29551 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | htp_connp_RES_FINALIZE 10 | htp_connp_res_data 11 | fuzz_htp.c 12 | ``` 13 | modified: '2022-04-13T03:04:40.504136Z' 14 | published: '2021-01-13T21:57:34.116557Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29551 18 | affected: 19 | - package: 20 | name: libhtp 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/OISF/libhtp.git 25 | events: 26 | - introduced: dcf5d9428d585bdfdf5b2eb4e9024da6222e0fd0 27 | - fixed: 8b5c94af604d5a873f8ae10d252940b9dd1f6339 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libidn2/OSV-2020-417.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-417 2 | summary: Heap-buffer-overflow in idn2_to_ascii_4i 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE {*} 8 | Crash state: 9 | idn2_to_ascii_4i 10 | libidn2_to_ascii_8z_fuzzer.c 11 | ``` 12 | modified: '2022-04-13T03:04:41.460832Z' 13 | published: '2020-07-01T00:00:08.331193Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420 17 | affected: 18 | - package: 19 | name: libidn2 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://gitlab.com/libidn/libidn2.git 24 | events: 25 | - introduced: 0965b23044e5b55a3beb01d6a6c62eb2b9a7b0c9 26 | - fixed: e4d1558aa2c1c04a05066ee8600f37603890ba8c 27 | ecosystem_specific: 28 | severity: HIGH 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/libspng/OSV-2020-227.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-227 2 | summary: Heap-double-free in spng__free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22720 5 | 6 | ``` 7 | Crash type: Heap-double-free 8 | Crash state: 9 | spng__free 10 | spng__inflate_stream 11 | read_non_idat_chunks 12 | ``` 13 | modified: '2022-04-13T03:04:33.698514Z' 14 | published: '2020-06-24T01:51:19.852052Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22720 18 | affected: 19 | - package: 20 | name: libspng 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/randy408/libspng.git 25 | events: 26 | - introduced: 56ea34629ac4e56f2264f7a8212b228873e9f174 27 | - fixed: f47ed26affe9655c70340b8df9fd9e6f1f2ec85e 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libspng/OSV-2020-307.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-307 2 | summary: Heap-buffer-overflow in spng_decode_image 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16830 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | spng_decode_image 10 | spng_read_fuzzer.cc 11 | ``` 12 | modified: '2022-04-13T03:04:33.693276Z' 13 | published: '2020-06-30T00:00:49.046191Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16830 17 | affected: 18 | - package: 19 | name: libspng 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/randy408/libspng.git 24 | events: 25 | - introduced: d48a9fa212cee4c05c51178b9c7813cd1299dcb3 26 | - fixed: d7d4cced14f6107d05b52b5e7758207f79aa3465 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/libspng/OSV-2020-344.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-344 2 | summary: Heap-buffer-overflow in spng_decode_image 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16091 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ {*} 8 | Crash state: 9 | spng_decode_image 10 | spng_read_fuzzer.cc 11 | ``` 12 | modified: '2022-04-13T03:04:33.708836Z' 13 | published: '2020-07-01T00:00:04.309532Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16091 17 | affected: 18 | - package: 19 | name: libspng 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/randy408/libspng.git 24 | events: 25 | - introduced: c06fc855a3933b18dff6526633abeee4f697fc9d 26 | - fixed: bace14e344502fce5984ab4fd9177d8db60351f8 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/libspng/OSV-2020-351.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-351 2 | summary: UNKNOWN READ in validate_past_idat 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14935 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | validate_past_idat 10 | spng_decode_image 11 | spng_read_fuzzer.cc 12 | ``` 13 | modified: '2022-04-13T03:04:33.672637Z' 14 | published: '2020-07-01T00:00:04.694618Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14935 18 | affected: 19 | - package: 20 | name: libspng 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/randy408/libspng.git 25 | events: 26 | - introduced: cb18f38c1f2c62a70062d5d2d36b28e7384b954d 27 | - fixed: 94c6198a1bb93fa6cd209085b817c1e64272abb4 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libspng/OSV-2020-756.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-756 2 | summary: Use-of-uninitialized-value in spng_read_fuzzer.c 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23936 5 | 6 | ``` 7 | Crash type: Use-of-uninitialized-value 8 | Crash state: 9 | spng_read_fuzzer.c 10 | spng_read_fuzzer.c 11 | ``` 12 | modified: '2022-04-13T03:04:33.688216Z' 13 | published: '2020-07-09T00:00:05.644183Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23936 17 | affected: 18 | - package: 19 | name: libspng 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/randy408/libspng.git 24 | events: 25 | - introduced: 6a1c8f0e7c2242b22dfc562950a568c1d715954f 26 | - fixed: 932e9c836ea388dbd0d7a214af78a70373079c9d 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2016-4.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2016-4 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=174 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | do_execute 11 | do_action 12 | ``` 13 | modified: '2022-04-13T03:04:40.052783Z' 14 | published: '2021-01-15T05:21:11.020482Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=174 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | - fixed: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2016-5.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2016-5 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=182 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | do_action 11 | parse_data 12 | ``` 13 | modified: '2022-04-13T03:04:40.038855Z' 14 | published: '2021-01-15T05:21:11.929776Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=182 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | - fixed: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2017-121.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2017-121 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8923 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | do_trans 11 | tsm_vte_input 12 | ``` 13 | modified: '2022-04-13T03:04:40.024896Z' 14 | published: '2021-01-15T00:00:02.372502Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8923 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | - fixed: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2017-157.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2017-157 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=744 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | do_trans 11 | tsm_vte_input 12 | ``` 13 | modified: '2022-04-13T03:04:40.048151Z' 14 | published: '2021-01-15T05:20:53.280212Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=744 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | - fixed: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2017-161.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2017-161 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=449 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | do_execute 11 | do_action 12 | ``` 13 | modified: '2022-04-13T03:04:40.020187Z' 14 | published: '2021-01-15T05:21:13.160609Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=449 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | - fixed: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2017-167.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2017-167 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=457 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | do_action 11 | parse_data 12 | ``` 13 | modified: '2022-04-13T03:04:40.029553Z' 14 | published: '2021-01-15T05:22:10.388343Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=457 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | - fixed: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2020-1448.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1448 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22203 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | send_primary_da 11 | do_esc 12 | ``` 13 | modified: '2022-04-13T03:04:40.043504Z' 14 | published: '2020-07-28T00:00:21.964189Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22203 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | - fixed: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2021-1373.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1373 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39313 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | csi_dev_attr 11 | do_action 12 | ``` 13 | modified: '2022-04-13T03:04:40.010197Z' 14 | published: '2021-09-27T00:00:07.177410Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39313 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | ecosystem_specific: 28 | severity: null 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/libtsm/OSV-2021-289.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-289 2 | summary: Global-buffer-overflow in vte_write_debug 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30351 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | vte_write_debug 10 | do_action 11 | parse_data 12 | ``` 13 | modified: '2022-04-13T03:04:40.034192Z' 14 | published: '2021-02-07T00:00:02.819846Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30351 18 | affected: 19 | - package: 20 | name: libtsm 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://people.freedesktop.org/~dvdhrm/libtsm 25 | events: 26 | - introduced: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 27 | - fixed: b73acb4c71698a764763ae8dad94c1e8a2b8d7a3 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/libvips/OSV-2020-102.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-102 2 | summary: Heap-use-after-free in vips_buf_vappendf 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20843 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 2 8 | Crash state: 9 | vips_buf_vappendf 10 | vips_verror 11 | vips_error 12 | ``` 13 | modified: '2022-04-13T03:04:38.019472Z' 14 | published: '2020-06-24T01:51:14.150858Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20843 18 | affected: 19 | - package: 20 | name: libvips 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/libvips/libvips 25 | events: 26 | - introduced: ce240b1ca224705343798c42a907e17b1ef6df6f 27 | - fixed: 175408733fcffed7aa0618c6d5ad5390ed5c4f88 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/libyaml/OSV-2020-1611.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1611 2 | summary: Heap-buffer-overflow in yaml_emitter_emit_flow_mapping_key 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24869 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | yaml_emitter_emit_flow_mapping_key 10 | yaml_emitter_state_machine 11 | yaml_emitter_emit 12 | ``` 13 | modified: '2022-04-13T03:04:41.717390Z' 14 | published: '2020-08-14T00:01:51.615528Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24869 18 | affected: 19 | - package: 20 | name: libyaml 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/yaml/libyaml 25 | events: 26 | - introduced: acd6f6f014c25e46363e718381e0b35205df2d83 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/lua/OSV-2021-1171.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1171 2 | summary: Heap-buffer-overflow in luaG_runerror 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37621 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 8 8 | Crash state: 9 | luaG_runerror 10 | luaD_pretailcall 11 | luaV_execute 12 | ``` 13 | modified: '2022-04-13T03:04:30.719580Z' 14 | published: '2021-08-27T00:00:11.241923Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37621 18 | affected: 19 | - package: 20 | name: lua 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/lua/lua 25 | events: 26 | - introduced: 41871f1803770305f182f56cbd22a336c5236a19 27 | - fixed: cf613cdc6fa367257fc61c256f63d917350858b5 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/lua/OSV-2021-205.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-205 2 | summary: Heap-use-after-free in lua_closeslot 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29610 5 | 6 | ``` 7 | Crash type: Heap-use-after-free WRITE 1 8 | Crash state: 9 | lua_closeslot 10 | luaL_traceback 11 | msghandler 12 | ``` 13 | modified: '2022-04-13T03:04:30.724783Z' 14 | published: '2021-01-16T00:01:03.500860Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29610 18 | affected: 19 | - package: 20 | name: lua 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/lua/lua 25 | events: 26 | - introduced: cc1692515e2a6aabc6d07159e7926656e38eda53 27 | - fixed: 2bfa13e520e53210b96ead88f49a9ca20c5a5d18 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-279.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-279 2 | summary: Global-buffer-overflow in lex_multiline_string 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18562 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 3 8 | Crash state: 9 | lex_multiline_string 10 | lex_next 11 | parse_key_value 12 | ``` 13 | modified: '2022-04-13T03:04:31.705665Z' 14 | published: '2020-06-30T00:00:45.609366Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18562 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: 56c5aae6cb30c0247596d72916c8f2f47d6abde3 27 | - fixed: 604eb733ecdbe8f637787825223c4c4ba5a3459c 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-322.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-322 2 | summary: Negative-size-param in parse_proxy_protocol_v2 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14455 5 | 6 | ``` 7 | Crash type: Negative-size-param 8 | Crash state: 9 | parse_proxy_protocol_v2 10 | parse_http_request 11 | fuzz_parse_http_request 12 | ``` 13 | modified: '2022-04-13T03:04:31.700929Z' 14 | published: '2020-07-01T00:00:02.608126Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14455 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: abf6eda654c8336e2ffe4e5c1a5179576da185c5 27 | - fixed: b506275b36827f194bc15d77bd6d2f8f7b3b935f 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-335.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-335 2 | summary: Global-buffer-overflow in template_fuzzer.cc 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18988 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow WRITE 1 8 | Crash state: 9 | template_fuzzer.cc 10 | ``` 11 | modified: '2022-04-13T03:04:31.744454Z' 12 | published: '2020-07-01T00:00:03.741355Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18988 16 | affected: 17 | - package: 18 | name: lwan 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: git://github.com/lpereira/lwan 23 | events: 24 | - introduced: 0fc10a8c657339b2a26b8bf1b64d4431a293a24f 25 | - fixed: d7fc0d27fbea5c68d61444033517d0e962e822e6 26 | versions: [] 27 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-337.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-337 2 | summary: Global-buffer-overflow in lex_multiline_string 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18626 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | lex_multiline_string 10 | lex_next 11 | parse_key_value 12 | ``` 13 | modified: '2022-04-13T03:04:31.739773Z' 14 | published: '2020-07-01T00:00:03.807910Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18626 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: 56c5aae6cb30c0247596d72916c8f2f47d6abde3 27 | - fixed: 7d5e299657315fb7cfc7b4c0ddb27efe0fe2893a 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-373.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-373 2 | summary: UNKNOWN READ in url_decode 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14501 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | url_decode 10 | parse_key_values 11 | fuzz_parse_http_request 12 | ``` 13 | modified: '2022-04-13T03:04:31.715630Z' 14 | published: '2020-07-01T00:00:05.814415Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14501 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: 3402997c93f794903a27d35c4624ca489f52f8ac 27 | - fixed: 341dca6b2594eea98df73dcdb96bb80b6ccc9fb9 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-394.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-394 2 | summary: Global-buffer-overflow in parse_headers 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14529 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow WRITE 8 8 | Crash state: 9 | parse_headers 10 | parse_http_request 11 | fuzz_parse_http_request 12 | ``` 13 | modified: '2022-04-13T03:04:31.696233Z' 14 | published: '2020-07-01T00:00:06.992887Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14529 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: ed0401f0889b6e91b41241093891e5716c24ac0b 27 | - fixed: 8feaf5303d43cad4d057a51722713213d3c9732c 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-406.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-406 2 | summary: Global-buffer-overflow in lwan_strbuf_append_str 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18448 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ {*} 8 | Crash state: 9 | lwan_strbuf_append_str 10 | parse_section 11 | parse_section_shorthand 12 | ``` 13 | modified: '2022-04-13T03:04:31.720558Z' 14 | published: '2020-07-01T00:00:07.709109Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18448 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: c9ac13203b6685d3bf89ab6d257b37dd6b0d5833 27 | - fixed: 742ecf1c535b0b3b1350253faef6289fdc8f8e12 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-410.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-410 2 | summary: Global-buffer-overflow in lex_multiline_string 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18455 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | lex_multiline_string 10 | lex_next 11 | parse_config 12 | ``` 13 | modified: '2022-04-13T03:04:31.725276Z' 14 | published: '2020-07-01T00:00:07.995615Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18455 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: c9ac13203b6685d3bf89ab6d257b37dd6b0d5833 27 | - fixed: ab882fe013ec880425bd918e0bcbf9e798361585 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-431.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-431 2 | summary: Global-buffer-overflow in parse_headers 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14511 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 2 8 | Crash state: 9 | parse_headers 10 | parse_http_request 11 | fuzz_parse_http_request 12 | ``` 13 | modified: '2022-04-13T03:04:31.753751Z' 14 | published: '2020-07-01T00:00:09.131195Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14511 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: 7220bbf47f668fc600824b513afd207097fa6b68 27 | - fixed: 898399937a1afe937edba5137c51ffb4f7054056 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-462.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-462 2 | summary: Global-buffer-overflow in strsep_char 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14509 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ {*} 8 | Crash state: 9 | strsep_char 10 | parse_proxy_protocol_v1 11 | parse_http_request 12 | ``` 13 | modified: '2022-04-13T03:04:31.758468Z' 14 | published: '2020-07-01T00:00:10.876736Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14509 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: 7220bbf47f668fc600824b513afd207097fa6b68 27 | - fixed: 6be9574a2d80457a5bfc16b23b67905d8f68e827 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-504.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-504 2 | summary: Global-buffer-overflow in lwan_parse_rfc_time 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14297 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 4 8 | Crash state: 9 | lwan_parse_rfc_time 10 | parse_if_modified_since 11 | fuzz_parse_http_request 12 | ``` 13 | modified: '2022-04-13T03:04:31.767885Z' 14 | published: '2020-07-01T00:00:13.515175Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14297 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: 5a47a0c2d988d3b3b1c8d3938b7a994f464469b5 27 | - fixed: 4d04b78ace04a72632a8ccc74b00d8205c75d89a 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-605.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-605 2 | summary: Global-buffer-overflow in parse_headers 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14232 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 4 8 | Crash state: 9 | parse_headers 10 | parse_http_request 11 | fuzz_parse_http_request 12 | ``` 13 | modified: '2022-04-13T03:04:31.691515Z' 14 | published: '2020-07-01T00:00:20.009044Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14232 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: 5a47a0c2d988d3b3b1c8d3938b7a994f464469b5 27 | - fixed: 7e08e1f1fd8d220f16d347e5c351ddeb56ef5524 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-632.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-632 2 | summary: Global-buffer-overflow in parse_http_request 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14582 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | parse_http_request 10 | fuzz_parse_http_request 11 | ``` 12 | modified: '2022-04-13T03:04:31.763179Z' 13 | published: '2020-07-01T00:00:21.523430Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14582 17 | affected: 18 | - package: 19 | name: lwan 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: git://github.com/lpereira/lwan 24 | events: 25 | - introduced: 7220bbf47f668fc600824b513afd207097fa6b68 26 | - fixed: 9ad6eb501b55f27a17d6383fa5bdcb2328147685 27 | versions: [] 28 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-665.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-665 2 | summary: Global-buffer-overflow in backup 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18447 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | backup 10 | lex_string 11 | lex_next 12 | ``` 13 | modified: '2022-04-13T03:04:31.729939Z' 14 | published: '2020-07-01T00:00:23.491385Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18447 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: c9ac13203b6685d3bf89ab6d257b37dd6b0d5833 27 | - fixed: ab882fe013ec880425bd918e0bcbf9e798361585 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lwan/OSV-2020-685.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-685 2 | summary: Global-buffer-overflow in backup 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18464 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | backup 10 | peek 11 | lex_config 12 | ``` 13 | modified: '2022-04-13T03:04:31.749086Z' 14 | published: '2020-07-01T00:00:24.689135Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18464 18 | affected: 19 | - package: 20 | name: lwan 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://github.com/lpereira/lwan 25 | events: 26 | - introduced: c9ac13203b6685d3bf89ab6d257b37dd6b0d5833 27 | - fixed: ab882fe013ec880425bd918e0bcbf9e798361585 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/lz4/OSV-2020-624.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-624 2 | summary: Heap-buffer-overflow in LZ4_write32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 4 8 | Crash state: 9 | LZ4_write32 10 | LZ4_compress_fast_extState 11 | LZ4_compress_fast 12 | ``` 13 | modified: '2022-04-13T03:04:41.753082Z' 14 | published: '2020-07-01T00:00:21.077578Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941 18 | affected: 19 | - package: 20 | name: lz4 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/lz4/lz4.git 25 | events: 26 | - introduced: 3c40db8d258716b9efcfb46fa6dc29de6e43e616 27 | - fixed: 13a2d9e34ffc4170720ce417c73e396d0ac1471a 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/lz4/OSV-2022-549.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-549 2 | summary: Invalid-free in round_trip_fuzzer.c 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48884 5 | 6 | ``` 7 | Crash type: Invalid-free 8 | Crash state: 9 | round_trip_fuzzer.c 10 | ``` 11 | modified: '2022-07-09T00:00:25.413619Z' 12 | published: '2022-07-09T00:00:25.413389Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48884 16 | affected: 17 | - package: 18 | name: lz4 19 | ecosystem: OSS-Fuzz 20 | purl: pkg:generic/lz4 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/lz4/lz4.git 24 | events: 25 | - introduced: 4ebe313e00aa52c837ee029ede39a0503a8a39c9 26 | - fixed: 910ec80d2856cfa825e2230ff2de8347a4fa4522 27 | ecosystem_specific: 28 | severity: null 29 | versions: [] 30 | schema_version: 1.2.0 31 | -------------------------------------------------------------------------------- /vulns/matio/OSV-2021-1166.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1166 2 | summary: Use-of-uninitialized-value in H5F_addr_decode_len 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37536 5 | 6 | ``` 7 | Crash type: Use-of-uninitialized-value 8 | Crash state: 9 | H5F_addr_decode_len 10 | H5VL_native_token_to_addr 11 | H5VL__native_object_open 12 | ``` 13 | modified: '2022-04-13T03:04:43.193034Z' 14 | published: '2021-08-25T00:01:19.023498Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37536 18 | affected: 19 | - package: 20 | name: matio 21 | ecosystem: OSS-Fuzz 22 | ecosystem_specific: 23 | severity: MEDIUM 24 | versions: [] 25 | -------------------------------------------------------------------------------- /vulns/matio/OSV-2021-162.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-162 2 | summary: Segv on unknown address in Mat_H5ReadNextReferenceData 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29540 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | Mat_H5ReadNextReferenceData 10 | Mat_VarRead73 11 | ReadData 12 | ``` 13 | modified: '2022-04-13T03:04:43.150644Z' 14 | published: '2021-01-13T21:57:38.109120Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29540 18 | affected: 19 | - package: 20 | name: matio 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://git.code.sf.net/p/matio/matio 25 | events: 26 | - introduced: 92e9a90b02cb3af869d86de1a1428b4bd9e6e7a5 27 | - fixed: 59c370cd1ce6f92e7cfa606e50ec12e21e2ca4c6 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/matio/OSV-2021-175.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-175 2 | summary: Heap-buffer-overflow in H5MM_memcpy 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29545 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE {*} 8 | Crash state: 9 | H5MM_memcpy 10 | H5D__scatter_mem 11 | H5D__scatgath_read 12 | ``` 13 | modified: '2022-04-13T03:04:43.091784Z' 14 | published: '2021-01-13T21:57:50.415929Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29545 18 | affected: 19 | - package: 20 | name: matio 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://git.code.sf.net/p/matio/matio 25 | events: 26 | - introduced: 92e9a90b02cb3af869d86de1a1428b4bd9e6e7a5 27 | - fixed: b8156d287254b2fca00f266d4b5b12d982329625 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/matio/OSV-2021-64.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-64 2 | summary: Heap-buffer-overflow in H5MM_memcpy 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29500 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | H5MM_memcpy 10 | H5O_attr_decode 11 | H5O_attr_shared_decode 12 | ``` 13 | modified: '2022-04-13T03:04:42.979046Z' 14 | published: '2021-01-13T00:00:21.822690Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29500 18 | affected: 19 | - package: 20 | name: matio 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: git://git.code.sf.net/p/matio/matio 25 | events: 26 | - introduced: 1ce8f2d1845ecdde19a35605cabdbb884776d52d 27 | - fixed: 36b8c01b1091ab51720ab6697c83534cfcf2e292 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/md4c/OSV-2022-40.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-40 2 | summary: UNKNOWN READ in md_build_attribute 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43587 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | md_build_attribute 10 | md_enter_leave_span_a 11 | md_process_normal_block_contents 12 | ``` 13 | modified: '2022-04-13T03:04:34.866550Z' 14 | published: '2022-01-14T00:00:14.345044Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43587 18 | affected: 19 | - package: 20 | name: md4c 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mity/md4c 25 | events: 26 | - introduced: db9ab417b11eaf96722b6cfb22f8ead5e22513c9 27 | - fixed: 62b60979f6a281b2b3cf883abc84299431fe2f76 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/md4c/OSV-2022-42.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-42 2 | summary: Heap-buffer-overflow in md_decode_utf8__ 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43589 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | md_decode_utf8__ 10 | md_link_label_hash 11 | md_is_link_reference 12 | ``` 13 | modified: '2022-04-13T03:04:34.861184Z' 14 | published: '2022-01-14T00:00:32.201187Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43589 18 | affected: 19 | - package: 20 | name: md4c 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mity/md4c 25 | events: 26 | - introduced: db9ab417b11eaf96722b6cfb22f8ead5e22513c9 27 | - fixed: 62b60979f6a281b2b3cf883abc84299431fe2f76 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2020-14.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-14 2 | summary: Stack-buffer-overflow in fmt_setup 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22507 5 | 6 | ``` 7 | Crash type: Stack-buffer-overflow WRITE 1 8 | Crash state: 9 | fmt_setup 10 | mrb_str_format 11 | mrb_f_sprintf 12 | ``` 13 | modified: '2022-04-13T03:04:39.744094Z' 14 | published: '2020-06-24T01:51:10.171293Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22507 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 191ccbf660b80016c554d9b2d71ba9f0bc6429d8 27 | - fixed: 15c63688e3f1a3c6067e6af70e3e9bf999d91389 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2020-2081.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-2081 2 | summary: UNKNOWN READ in presym_sym2name 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26400 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | presym_sym2name 10 | sym2name_len 11 | mrb_sym_name_len 12 | ``` 13 | modified: '2022-04-13T03:04:39.770022Z' 14 | published: '2020-10-18T00:00:15.125270Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26400 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 500f721f7080e79c2e41e306cc1d94471c10f173 27 | - fixed: 3d8a8fb6613f177416cc09e81e2a0082db006926 28 | versions: 29 | - 3.0.0-preview 30 | ecosystem_specific: 31 | severity: MEDIUM 32 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2020-323.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-323 2 | summary: Use-of-uninitialized-value in ht_copy 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15603 5 | 6 | ``` 7 | Crash type: Use-of-uninitialized-value 8 | Crash state: 9 | ht_copy 10 | mrb_hash_dup 11 | mrb_vm_exec 12 | ``` 13 | modified: '2022-04-13T03:04:39.764885Z' 14 | published: '2020-07-01T00:00:02.715402Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15603 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 23783a44300a39efbbc312a6ca22fe61d94db857 27 | - fixed: 8294ce9fd458a0a1acf8fcdcb6161b4a020866ad 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2020-447.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-447 2 | summary: UNKNOWN READ in yyparse 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17968 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | yyparse 10 | mrb_parser_parse 11 | mrb_parse_nstring 12 | ``` 13 | modified: '2022-04-13T03:04:39.703625Z' 14 | published: '2020-07-01T00:00:10.057682Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17968 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: ec6c8b2a3c5c499d8832ef82a2ad941cbac4a80a 27 | - fixed: 264239f78fb9ec8047cf04b82f547fc41d65ab28 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2020-562.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-562 2 | summary: UNKNOWN READ in local_add_lv 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18030 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | local_add_lv 10 | yyparse 11 | mrb_parser_parse 12 | ``` 13 | modified: '2022-04-13T03:04:39.775341Z' 14 | published: '2020-07-01T00:00:17.111214Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18030 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 264239f78fb9ec8047cf04b82f547fc41d65ab28 27 | - fixed: 7750c61e29675e778f7d12119555fafbf85043c9 28 | versions: 29 | - 2.1.0 30 | - 2.1.0-rc 31 | ecosystem_specific: 32 | severity: MEDIUM 33 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2020-739.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-739 2 | summary: UNKNOWN READ in str_decref 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18756 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | str_decref 10 | obj_free 11 | mrb_gc_destroy 12 | ``` 13 | modified: '2022-04-13T03:04:39.688080Z' 14 | published: '2020-07-01T00:00:27.971876Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18756 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: caba5fef274ab7df91b7247182ecbf2483b853b8 27 | - fixed: 45aa5081e418423b47a32a06e0515406f63b64d2 28 | versions: 29 | - 2.1.0 30 | - 2.1.0-rc 31 | ecosystem_specific: 32 | severity: MEDIUM 33 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-1045.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1045 2 | summary: Heap-buffer-overflow in mrb_vm_exec 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36464 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | mrb_vm_exec 10 | mrb_vm_run 11 | mrb_top_run 12 | ``` 13 | modified: '2022-04-13T03:04:39.718834Z' 14 | published: '2021-07-24T00:00:15.642447Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36464 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 47fca90069be44594d75eca69f1d978f5d9b4d65 27 | - fixed: 9c43276eb51d81ed6f62ec1810c944580caebc40 28 | ecosystem_specific: 29 | severity: null 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-1109.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1109 2 | summary: UNKNOWN READ in mrb_check_frozen 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36930 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | mrb_check_frozen 10 | mrb_str_modify_keep_ascii 11 | mrb_str_modify 12 | ``` 13 | modified: '2022-04-13T03:04:39.672881Z' 14 | published: '2021-08-08T00:01:08.045960Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36930 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 1315e8751e70937e4cf43ba9225ea0cfaa67689d 27 | - fixed: 06f49b3f84e799f08a80b16054eda916f2d32819 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-1213.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1213 2 | summary: UNKNOWN WRITE in mrb_vm_exec 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38251 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | mrb_vm_exec 10 | mrb_vm_run 11 | mrb_top_run 12 | ``` 13 | modified: '2022-04-13T03:04:39.667876Z' 14 | published: '2021-09-10T00:00:14.325174Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38251 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 99dbcec89c892bc90f36fbf38e46a9ec971e3a77 27 | - fixed: 3693187beb50e1e4594275238657754890a1ba67 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-1218.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1218 2 | summary: Heap-buffer-overflow in value_move 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38298 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 8 8 | Crash state: 9 | value_move 10 | mrb_ary_splice 11 | mrb_ary_aset 12 | ``` 13 | modified: '2022-04-13T03:04:39.785928Z' 14 | published: '2021-09-10T00:01:30.327601Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38298 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: e4a0728b24831dbe83e3210cefb345d991ebccc6 27 | - fixed: da749d870f4a57df7a05ef4a9ae023602d48af86 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-1340.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1340 2 | summary: Heap-buffer-overflow in mrb_vm_exec 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38989 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | mrb_vm_exec 10 | mrb_vm_run 11 | mrb_top_run 12 | ``` 13 | modified: '2022-04-13T03:04:39.739013Z' 14 | published: '2021-09-21T00:00:36.045422Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38989 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: b1b9b157f85fe371db706e0c11024681d84e4aba 27 | - fixed: 0455313a9bdbe93556a8fd31b7c011dd004a6f2b 28 | ecosystem_specific: 29 | severity: null 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-1448.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1448 2 | summary: Heap-buffer-overflow in mrb_vm_exec 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39947 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 8 8 | Crash state: 9 | mrb_vm_exec 10 | mrb_vm_run 11 | mrb_top_run 12 | ``` 13 | modified: '2022-04-13T03:04:39.723899Z' 14 | published: '2021-10-15T00:00:09.256436Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39947 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: dccd66f9efecd0a974b735c62836fe566015cf37 27 | - fixed: 36efd018e2d297636a3aa2799d214a8675a14e0c 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-794.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-794 2 | summary: Heap-buffer-overflow in mrb_format_float 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34652 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 1 8 | Crash state: 9 | mrb_format_float 10 | fmt_float 11 | mrb_str_format 12 | ``` 13 | modified: '2022-04-13T03:04:39.693249Z' 14 | published: '2021-05-25T23:49:50.285850Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34652 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 5c7fe225a6d675f3e213f8792f116035a35c63a4 27 | - fixed: 063b49ab8e6a10212c7f88e5b114b90fe59296f7 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-799.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-799 2 | summary: UNKNOWN READ in mrb_ary_shift_m 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34691 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | mrb_ary_shift_m 10 | mrb_vm_exec 11 | mrb_vm_run 12 | ``` 13 | modified: '2022-04-13T03:04:39.713825Z' 14 | published: '2021-05-27T00:00:07.387216Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34691 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 9f77232b71597dbef3907ae4aaae1a5530889e56 27 | - fixed: 9a72869043e0377ec549a325a074e592f82ef5ed 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-849.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-849 2 | summary: Negative-size-param in mrb_str_format 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35109 5 | 6 | ``` 7 | Crash type: Negative-size-param 8 | Crash state: 9 | mrb_str_format 10 | mrb_f_sprintf 11 | mrb_vm_exec 12 | ``` 13 | modified: '2022-04-13T03:04:39.728879Z' 14 | published: '2021-06-11T00:01:20.115204Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35109 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 972cc8b5a8c0378c391f981153ccdccf24c89d21 27 | - fixed: 62f4cc8cd1d5839153eb364c1c095df64d7cdc22 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-912.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-912 2 | summary: Heap-buffer-overflow in mrb_vm_exec 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35712 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | mrb_vm_exec 10 | mrb_vm_run 11 | mrb_top_run 12 | ``` 13 | modified: '2022-04-13T03:04:39.677891Z' 14 | published: '2021-07-03T00:00:06.973804Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35712 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 99dbcec89c892bc90f36fbf38e46a9ec971e3a77 27 | - fixed: a624da6fdb160b9a70a96c1ffe9dec017d7f5cb4 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-913.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-913 2 | summary: Heap-buffer-overflow in dispatch 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35727 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | dispatch 10 | dispatch_linked 11 | codegen 12 | ``` 13 | modified: '2022-04-13T03:04:39.790952Z' 14 | published: '2021-07-03T00:00:29.297612Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35727 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 99dbcec89c892bc90f36fbf38e46a9ec971e3a77 27 | - fixed: a6657afab9ffb258b01b3d6e485a86328bf4d40e 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2021-914.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-914 2 | summary: UNKNOWN READ in mrb_vm_ci_env 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35718 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | mrb_vm_ci_env 10 | cipop 11 | mrb_vm_exec 12 | ``` 13 | modified: '2022-04-13T03:04:39.759907Z' 14 | published: '2021-07-03T00:01:26.278614Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35718 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/mruby/mruby 25 | events: 26 | - introduced: 99dbcec89c892bc90f36fbf38e46a9ec971e3a77 27 | - fixed: a624da6fdb160b9a70a96c1ffe9dec017d7f5cb4 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/mruby/OSV-2022-562.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-562 2 | summary: UNKNOWN WRITE in udiv 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48904 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | udiv 10 | mrb_bint_mod 11 | int_mod 12 | ``` 13 | modified: '2022-07-10T00:01:06.488225Z' 14 | published: '2022-07-10T00:01:06.487981Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48904 18 | affected: 19 | - package: 20 | name: mruby 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/mruby 23 | ranges: 24 | - type: GIT 25 | repo: https://github.com/mruby/mruby 26 | events: 27 | - introduced: 872020bb3d85ba4066ec19cfcad375e51fdf024b 28 | - fixed: 8d349815309e374b545deb4d4202323c7bc5bd28 29 | ecosystem_specific: 30 | severity: HIGH 31 | versions: [] 32 | schema_version: 1.2.0 33 | -------------------------------------------------------------------------------- /vulns/nanopb/OSV-2020-1565.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1565 2 | summary: Heap-buffer-overflow in allocate_field 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24586 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 8 8 | Crash state: 9 | allocate_field 10 | pb_dec_string 11 | decode_basic_field 12 | ``` 13 | modified: '2022-04-13T03:04:32.612067Z' 14 | published: '2020-08-02T00:00:39.707050Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24586 18 | affected: 19 | - package: 20 | name: nanopb 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/nanopb/nanopb 25 | events: 26 | - introduced: a5988446e6a257a1c968f8a7a6366f5101d85413 27 | - fixed: cf507d1b1e71b45136ca2bd7d37b7b4958443cd1 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/ndpi/OSV-2020-1717.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1717 2 | summary: Segv on unknown address in ndpi_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25468 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | ndpi_free 10 | ndpi_free_flow 11 | fuzz_process_packet.c 12 | ``` 13 | modified: '2022-04-13T03:04:35.983028Z' 14 | published: '2020-09-08T00:01:04.525214Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25468 18 | affected: 19 | - package: 20 | name: ndpi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/ntop/nDPI.git 25 | events: 26 | - introduced: 7a1147d733dc2a43c375207747e8c4587af83388 27 | - fixed: 53a5c354d833770196852ee94b0abefb73ffd8b8 28 | versions: 29 | - '3.4' 30 | -------------------------------------------------------------------------------- /vulns/ndpi/OSV-2020-177.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-177 2 | summary: UNKNOWN in get_ndpi_flow_info6 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20747 5 | 6 | ``` 7 | Crash type: UNKNOWN 8 | Crash state: 9 | get_ndpi_flow_info6 10 | packet_processing 11 | ndpi_workflow_process_packet 12 | ``` 13 | modified: '2022-04-13T03:04:36.058542Z' 14 | published: '2020-06-24T01:51:17.542041Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20747 18 | affected: 19 | - package: 20 | name: ndpi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/ntop/nDPI.git 25 | events: 26 | - introduced: 812505b56bb4508bc42e1615d6425ad26444d3f8 27 | - fixed: 90e08b3568d8963a459cf06c4e67ff6fc99298e3 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/ndpi/OSV-2020-179.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-179 2 | summary: Heap-buffer-overflow in get16 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20832 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 2 8 | Crash state: 9 | get16 10 | search_valid_dns 11 | ndpi_search_dns 12 | ``` 13 | modified: '2022-04-13T03:04:36.237311Z' 14 | published: '2020-06-24T01:51:17.643208Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20832 18 | affected: 19 | - package: 20 | name: ndpi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/ntop/nDPI.git 25 | events: 26 | - introduced: 5c52c00ea4ad8afaebd5259bc53215a1ab41569f 27 | - fixed: fe513014a8f5156b243ec2eb5e6862a0506c6632 28 | versions: 29 | - '3.2' 30 | ecosystem_specific: 31 | severity: MEDIUM 32 | -------------------------------------------------------------------------------- /vulns/ndpi/OSV-2020-1884.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1884 2 | summary: Segv on unknown address in process_ndpi_collected_info 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26015 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | process_ndpi_collected_info 10 | packet_processing 11 | ndpi_workflow_process_packet 12 | ``` 13 | modified: '2022-04-13T03:04:36.150971Z' 14 | published: '2020-09-29T00:00:42.406138Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26015 18 | affected: 19 | - package: 20 | name: ndpi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/ntop/nDPI.git 25 | events: 26 | - introduced: 4a09b4efa053a26e187119a540da4b41dd8a24d8 27 | - fixed: 5f7b9d802498215f5769a8bfa39d92356da2cfdd 28 | versions: 29 | - '3.4' 30 | -------------------------------------------------------------------------------- /vulns/ndpi/OSV-2020-2206.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-2206 2 | summary: Segv on unknown address in ndpi_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27988 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | ndpi_free 10 | ndpi_free_flow 11 | fuzz_process_packet.c 12 | ``` 13 | modified: '2022-04-13T03:04:36.047885Z' 14 | published: '2020-11-29T00:00:04.133863Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27988 18 | affected: 19 | - package: 20 | name: ndpi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/ntop/nDPI.git 25 | events: 26 | - introduced: 7a1147d733dc2a43c375207747e8c4587af83388 27 | - fixed: 0fceb6576aeb76b78ad9c19c86830fba694cfd5d 28 | versions: 29 | - '3.4' 30 | ecosystem_specific: 31 | severity: HIGH 32 | -------------------------------------------------------------------------------- /vulns/ndpi/OSV-2020-28.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-28 2 | summary: Heap-buffer-overflow in get16 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20712 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 2 8 | Crash state: 9 | get16 10 | search_valid_dns 11 | ndpi_search_dns 12 | ``` 13 | modified: '2022-04-13T03:04:35.955967Z' 14 | published: '2020-06-24T01:51:10.866720Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20712 18 | affected: 19 | - package: 20 | name: ndpi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/ntop/nDPI.git 25 | events: 26 | - introduced: 5c52c00ea4ad8afaebd5259bc53215a1ab41569f 27 | - fixed: 90e08b3568d8963a459cf06c4e67ff6fc99298e3 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/ndpi/OSV-2020-780.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-780 2 | summary: Segv on unknown address in ndpi_strdup 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22676 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | ndpi_strdup 10 | process_ndpi_collected_info 11 | packet_processing 12 | ``` 13 | modified: '2022-04-13T03:04:36.080614Z' 14 | published: '2020-07-14T05:37:32.263949Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22676 18 | affected: 19 | - package: 20 | name: ndpi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/ntop/nDPI.git 25 | events: 26 | - introduced: 4a09b4efa053a26e187119a540da4b41dd8a24d8 27 | - fixed: 204f3ddff5efc929095556ed22ec62d18bef6324 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/ndpi/OSV-2020-806.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-806 2 | summary: Segv on unknown address in process_ndpi_collected_info 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22122 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | process_ndpi_collected_info 10 | packet_processing 11 | ndpi_workflow_process_packet 12 | ``` 13 | modified: '2022-04-13T03:04:35.988021Z' 14 | published: '2020-07-14T05:37:42.995133Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22122 18 | affected: 19 | - package: 20 | name: ndpi 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/ntop/nDPI.git 25 | events: 26 | - introduced: 4a09b4efa053a26e187119a540da4b41dd8a24d8 27 | - fixed: d90b333363b157d8eab9205430c83dab986ff965 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/nestegg/OSV-2020-633.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-633 2 | summary: Global-buffer-overflow in ne_find_element 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15056 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 8 8 | Crash state: 9 | ne_find_element 10 | ne_parse 11 | nestegg_init 12 | ``` 13 | modified: '2022-04-13T03:04:39.336465Z' 14 | published: '2020-07-01T00:00:21.552705Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15056 18 | affected: 19 | - package: 20 | name: nestegg 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/kinetiknz/nestegg.git 25 | events: 26 | - introduced: 97508e2e9a01f38abdc1910ea754c6ea98d126fa 27 | - fixed: 9d5b774db2bb5a982c1438a17ad1bcaf6ea03cbd 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/net-snmp/OSV-2021-1105.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1105 2 | summary: Heap-buffer-overflow in read_config 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36908 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | read_config 10 | snmp_config_fuzzer.c 11 | ``` 12 | modified: '2022-04-13T03:04:35.827176Z' 13 | published: '2021-08-07T00:03:09.706987Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36908 17 | affected: 18 | - package: 19 | name: net-snmp 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/net-snmp/net-snmp 24 | events: 25 | - introduced: 21ee65f8bac93d336e0b472dd3ccf44b3b32f2af 26 | - fixed: 4f4a37ee1825d8e723364af6ec84c109594cd29c 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/net-snmp/OSV-2021-1167.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1167 2 | summary: Heap-buffer-overflow in snmp_add_var 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37564 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | snmp_add_var 10 | snmp_api_fuzzer.c 11 | ``` 12 | modified: '2022-04-13T03:04:35.811191Z' 13 | published: '2021-08-25T00:01:21.513657Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37564 17 | affected: 18 | - package: 19 | name: net-snmp 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/net-snmp/net-snmp 24 | events: 25 | - introduced: 0c7cf9c46d00a3b52c1fc4255375a06df18e17cb 26 | - fixed: d9cab398b816a610bb6de98e7a0b1e71e5ebff76 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/net-snmp/OSV-2021-1172.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1172 2 | summary: UNKNOWN WRITE in snmp_add_var 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37647 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | snmp_add_var 10 | snmp_api_fuzzer.c 11 | ``` 12 | modified: '2022-04-13T03:04:35.816547Z' 13 | published: '2021-08-27T00:00:41.017168Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37647 17 | affected: 18 | - package: 19 | name: net-snmp 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/net-snmp/net-snmp 24 | events: 25 | - introduced: 0c7cf9c46d00a3b52c1fc4255375a06df18e17cb 26 | - fixed: d9cab398b816a610bb6de98e7a0b1e71e5ebff76 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/net-snmp/OSV-2021-1179.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1179 2 | summary: UNKNOWN READ 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37759 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | NULL``` 10 | modified: '2022-04-13T03:04:35.832327Z' 11 | published: '2021-08-30T00:00:39.163462Z' 12 | references: 13 | - type: REPORT 14 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37759 15 | affected: 16 | - package: 17 | name: net-snmp 18 | ecosystem: OSS-Fuzz 19 | ranges: 20 | - type: GIT 21 | repo: https://github.com/net-snmp/net-snmp 22 | events: 23 | - introduced: 0c7cf9c46d00a3b52c1fc4255375a06df18e17cb 24 | - fixed: d9cab398b816a610bb6de98e7a0b1e71e5ebff76 25 | ecosystem_specific: 26 | severity: HIGH 27 | versions: [] 28 | -------------------------------------------------------------------------------- /vulns/net-snmp/OSV-2022-705.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-705 2 | summary: Heap-buffer-overflow in netsnmp_memdup 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50096 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ {*} 8 | Crash state: 9 | netsnmp_memdup 10 | snmp_api_fuzzer.c 11 | ``` 12 | modified: '2022-08-13T00:00:24.016796Z' 13 | published: '2022-08-13T00:00:24.016550Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50096 17 | affected: 18 | - package: 19 | name: net-snmp 20 | ecosystem: OSS-Fuzz 21 | purl: pkg:generic/net-snmp 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/net-snmp/net-snmp 25 | events: 26 | - introduced: 90aa2c37dc6a8bc280951ec6b6efe9714b0ef4de 27 | ecosystem_specific: 28 | severity: MEDIUM 29 | versions: [] 30 | schema_version: 1.2.0 31 | -------------------------------------------------------------------------------- /vulns/net-snmp/OSV-2025-178.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2025-178 2 | summary: Heap-buffer-overflow in usm_set_user_password 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=399458050 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 9 8 | Crash state: 9 | usm_set_user_password 10 | usm_set_password 11 | run_config_handler 12 | ``` 13 | modified: '2025-02-28T00:16:54.655745Z' 14 | published: '2025-02-28T00:16:54.655227Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=399458050 18 | affected: 19 | - package: 20 | name: net-snmp 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/net-snmp 23 | ecosystem_specific: 24 | severity: HIGH 25 | versions: [] 26 | schema_version: 1.6.0 27 | -------------------------------------------------------------------------------- /vulns/open62541/OSV-2017-78.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2017-78 2 | summary: Negative-size-param in UA_SecureChannel_processChunk 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3609 5 | 6 | ``` 7 | Crash type: Negative-size-param 8 | Crash state: 9 | UA_SecureChannel_processChunk 10 | processCompleteChunk 11 | UA_Connection_processChunks 12 | ``` 13 | modified: '2022-04-13T03:04:41.415024Z' 14 | published: '2021-01-13T21:57:35.111717Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3609 18 | affected: 19 | - package: 20 | name: open62541 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/open62541/open62541.git 25 | events: 26 | - introduced: 84d46ddefe21c7eb5f678a5046fa200ac1b4e617 27 | - fixed: 3e9fdcb66c5a1adf0e1cdc9485b4e6efe8103e1b 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/open62541/OSV-2020-308.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-308 2 | summary: Heap-buffer-overflow in UA_copy 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15152 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE {*} 8 | Crash state: 9 | UA_copy 10 | RefTree_add 11 | Operation_Browse 12 | ``` 13 | modified: '2022-04-13T03:04:41.293776Z' 14 | published: '2020-06-30T00:00:49.384650Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15152 18 | affected: 19 | - package: 20 | name: open62541 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/open62541/open62541.git 25 | events: 26 | - introduced: 9789cdcdb64377bc449e78f6bdc6568d2c53edc7 27 | - fixed: 054f460d6e9e98deba186eee6bd956756dfc89e0 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/opensc/OSV-2020-452.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-452 2 | summary: UNKNOWN READ in _fini 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18611 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | _fini 10 | ``` 11 | modified: '2022-04-13T03:04:41.608146Z' 12 | published: '2020-07-01T00:00:10.397492Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18611 16 | affected: 17 | - package: 18 | name: opensc 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/OpenSC/OpenSC 23 | events: 24 | - introduced: 61cd7fcdb2fdc9214b431abb631b202314dcc32f 25 | - fixed: 7a1e42e1352201127d1a97b6cb5f41e48cace0f5 26 | ecosystem_specific: 27 | severity: MEDIUM 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/opensc/OSV-2020-525.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-525 2 | summary: UNKNOWN READ in parse_sec_attr_44 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | parse_sec_attr_44 10 | setcos_select_file 11 | sc_select_file 12 | ``` 13 | modified: '2022-04-13T03:04:41.629362Z' 14 | published: '2020-07-01T00:00:14.612318Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 18 | affected: 19 | - package: 20 | name: opensc 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/OpenSC/OpenSC 25 | events: 26 | - introduced: 6810eb6cf13f97ff20c5c68f49bef70ae977ddea 27 | - fixed: 7a1e42e1352201127d1a97b6cb5f41e48cace0f5 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/opensc/OSV-2020-55.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-55 2 | summary: Stack-buffer-overflow in tcos_decipher 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 5 | 6 | ``` 7 | Crash type: Stack-buffer-overflow WRITE {*} 8 | Crash state: 9 | tcos_decipher 10 | sc_decipher 11 | use_key 12 | ``` 13 | modified: '2022-04-13T03:04:41.675366Z' 14 | published: '2020-06-24T01:51:12.036793Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 18 | affected: 19 | - package: 20 | name: opensc 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/OpenSC/OpenSC 25 | events: 26 | - introduced: 508f8a9fced369f60e6f0c0f62176ea9427fbf42 27 | - fixed: 9d294de90d1cc66956389856e60b6944b27b4817 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/opensc/OSV-2020-680.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-680 2 | summary: Bad-free in sc_pkcs15_decode_prkdf_entry 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18482 5 | 6 | ``` 7 | Crash type: Bad-free 8 | Crash state: 9 | sc_pkcs15_decode_prkdf_entry 10 | fuzz_pkcs15_decode.c 11 | ``` 12 | modified: '2022-04-13T03:04:41.639666Z' 13 | published: '2020-07-01T00:00:24.475752Z' 14 | references: 15 | - type: REPORT 16 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18482 17 | affected: 18 | - package: 19 | name: opensc 20 | ecosystem: OSS-Fuzz 21 | ranges: 22 | - type: GIT 23 | repo: https://github.com/OpenSC/OpenSC 24 | events: 25 | - introduced: 630d6adf32cecaab0ee184618f56497bd50400fb 26 | - fixed: 6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 27 | versions: [] 28 | -------------------------------------------------------------------------------- /vulns/opensc/OSV-2020-885.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-885 2 | summary: Stack-use-after-scope in coolkey_apdu_io 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23979 5 | 6 | ``` 7 | Crash type: Stack-use-after-scope READ 8 8 | Crash state: 9 | coolkey_apdu_io 10 | coolkey_rsa_op 11 | coolkey_compute_crypt 12 | ``` 13 | modified: '2022-04-13T03:04:41.670487Z' 14 | published: '2020-07-14T22:13:58.474226Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23979 18 | affected: 19 | - package: 20 | name: opensc 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/OpenSC/OpenSC 25 | events: 26 | - introduced: 43379b3b22f65f97a83de422f6a3b37fdfb2b138 27 | - fixed: cdbcb5b7db8766d6ea9da6912755ed335780f2f9 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/openssl/OSV-2020-29.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-29 2 | summary: Heap-use-after-free in CRYPTO_DOWN_REF 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20816 5 | 6 | ``` 7 | Crash type: Heap-use-after-free WRITE 4 8 | Crash state: 9 | CRYPTO_DOWN_REF 10 | DH_free 11 | evp_pkey_free_it 12 | ``` 13 | modified: '2022-04-13T03:04:38.773716Z' 14 | published: '2020-06-24T01:51:10.908381Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20816 18 | affected: 19 | - package: 20 | name: openssl 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/openssl/openssl.git 25 | events: 26 | - introduced: ada66e78ef535fe80e422bbbadffe8e7863d457c 27 | - fixed: fe56d5951f0b42fd3ff1cf42a96d07f06f9692bc 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/openssl/OSV-2020-430.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-430 2 | summary: Stack-use-after-return in OSSL_PARAM_get_int32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15114 5 | 6 | ``` 7 | Crash type: Stack-use-after-return READ 4 8 | Crash state: 9 | OSSL_PARAM_get_int32 10 | md5_sha1_set_params 11 | ssl3_final_finish_mac 12 | ``` 13 | modified: '2022-04-13T03:04:38.763723Z' 14 | published: '2020-07-01T00:00:09.096641Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15114 18 | affected: 19 | - package: 20 | name: openssl 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/openssl/openssl.git 25 | events: 26 | - introduced: d5e5e2ffafc7dbc861f7d285508cf129c5e8f5ac 27 | - fixed: 83b4a24384e62ed8cf91f51bf9a303f98017e13e 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/php/OSV-2020-1525.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1525 2 | summary: UNKNOWN in zend_ast_export_ex 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24405 5 | 6 | ``` 7 | Crash type: UNKNOWN 8 | Crash state: 9 | zend_ast_export_ex 10 | zend_ast_export_ex 11 | zend_ast_export_ex 12 | ``` 13 | modified: '2022-04-13T03:04:33.427807Z' 14 | published: '2020-07-28T00:00:36.992692Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24405 18 | affected: 19 | - package: 20 | name: php 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/php/php-src.git 25 | events: 26 | - introduced: 9bf119832dbf625174794834c71b1e793450d87f 27 | - fixed: 041cbec0230bbe4d509c63ac856d1bd270977944 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/php/OSV-2020-1762.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1762 2 | summary: Heap-use-after-free in gc_mark_grey 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23350 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 4 8 | Crash state: 9 | gc_mark_grey 10 | gc_mark_roots 11 | zend_gc_collect_cycles 12 | ``` 13 | modified: '2022-04-13T03:04:33.611778Z' 14 | published: '2020-09-16T00:00:06.911473Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23350 18 | affected: 19 | - package: 20 | name: php 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/php/php-src.git 25 | events: 26 | - introduced: 48a34bc1202e9664121c9e9aa004c79ac71af3f5 27 | - fixed: cb0fa99174fa2af6f626509b85845ff599557615 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/php/OSV-2020-1768.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1768 2 | summary: Memcpy-param-overlap in zend_lex_tstring 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23547 5 | 6 | ``` 7 | Crash type: Memcpy-param-overlap 8 | Crash state: 9 | zend_lex_tstring 10 | zendparse 11 | zend_compile 12 | ``` 13 | modified: '2022-04-13T03:04:33.439261Z' 14 | published: '2020-09-16T00:00:23.588932Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23547 18 | affected: 19 | - package: 20 | name: php 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/php/php-src.git 25 | events: 26 | - introduced: b03cafd19c01db57b89727ce77cc89a7d816077c 27 | - fixed: aa2e68cf6e4adcaaf884ea6b17f182e3be552fa7 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/php/OSV-2021-651.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-651 2 | summary: Heap-use-after-free in zend_gc_delref 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33335 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 4 8 | Crash state: 9 | zend_gc_delref 10 | zval_delref_p 11 | zval_ptr_dtor_nogc 12 | ``` 13 | modified: '2022-04-13T03:04:33.417391Z' 14 | published: '2021-04-18T00:00:25.691271Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33335 18 | affected: 19 | - package: 20 | name: php 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/php/php-src.git 25 | events: 26 | - introduced: 0fdf668dce21a2bdab5f0d76b3b8dc3879e661fd 27 | - fixed: 08dafda1232ffb70d878cb9b334982163aa32357 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/php/OSV-2023-38.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2023-38 2 | summary: Heap-use-after-free in zend_generator_dtor_storage 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55519 5 | 6 | ``` 7 | Crash type: Heap-use-after-free WRITE 4 8 | Crash state: 9 | zend_generator_dtor_storage 10 | zend_objects_store_call_destructors 11 | shutdown_destructors 12 | ``` 13 | modified: '2023-01-31T13:01:02.586574Z' 14 | published: '2023-01-31T13:01:02.586300Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55519 18 | affected: 19 | - package: 20 | name: php 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/php 23 | ecosystem_specific: 24 | severity: HIGH 25 | versions: [] 26 | schema_version: 1.3.0 27 | -------------------------------------------------------------------------------- /vulns/php/OSV-2023-49.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2023-49 2 | summary: Heap-buffer-overflow in lex_scan 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55654 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | lex_scan 10 | zendlex 11 | zendparse 12 | ``` 13 | modified: '2023-02-05T13:00:15.922227Z' 14 | published: '2023-02-05T13:00:15.921972Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55654 18 | affected: 19 | - package: 20 | name: php 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/php 23 | ecosystem_specific: 24 | severity: MEDIUM 25 | versions: [] 26 | schema_version: 1.3.0 27 | -------------------------------------------------------------------------------- /vulns/php/OSV-2023-69.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2023-69 2 | summary: Heap-use-after-free in zend_ast_evaluate_inner 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56021 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 4 8 | Crash state: 9 | zend_ast_evaluate_inner 10 | zend_ast_evaluate_ex 11 | zval_update_constant_with_ctx 12 | ``` 13 | modified: '2023-02-17T13:02:09.653400Z' 14 | published: '2023-02-17T13:02:09.653146Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56021 18 | affected: 19 | - package: 20 | name: php 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/php 23 | ecosystem_specific: 24 | severity: HIGH 25 | versions: [] 26 | schema_version: 1.3.0 27 | -------------------------------------------------------------------------------- /vulns/qemu/OSV-2021-532.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-532 2 | summary: UNKNOWN READ in address_space_lookup_region 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32125 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | address_space_lookup_region 10 | address_space_translate_internal 11 | flatview_do_translate 12 | ``` 13 | modified: '2022-04-13T03:04:33.298087Z' 14 | published: '2021-03-18T00:00:51.364610Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32125 18 | affected: 19 | - package: 20 | name: qemu 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://git.qemu.org/git/qemu.git 25 | events: 26 | - introduced: 49ac51ae8048661c8fa9ad45b008e15bce1decaf 27 | - fixed: fc253f4a4b59e19c25df21232651d9c92220011f 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2018-194.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-194 2 | summary: Heap-use-after-free in r_core_task_decref 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11359 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 8 8 | Crash state: 9 | r_core_task_decref 10 | r_list_delete 11 | r_list_purge 12 | ``` 13 | modified: '2022-04-13T03:04:36.620847Z' 14 | published: '2021-01-13T00:01:20.948805Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11359 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: 77d80106e65ed4ff3ba5faf568b078648faed94f 27 | - fixed: 5783cf42c40aaed9b9180ae7069c7a60ea86dc45 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-377.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-377 2 | summary: Heap-buffer-overflow in symbols 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15004 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | symbols 10 | r_bin_object_set_items 11 | r_bin_object_new 12 | ``` 13 | modified: '2022-04-13T03:04:36.709304Z' 14 | published: '2020-07-01T00:00:06.002017Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15004 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: a875795bb5d8c216fa17d685b49784c4d5c93f87 27 | - fixed: 9392fc7117dd5240c76d8ab81d84b482bc968339 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-399.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-399 2 | summary: Heap-use-after-free in sdb_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13704 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 8 8 | Crash state: 9 | sdb_free 10 | ns_free 11 | sdb_ns_free 12 | ``` 13 | modified: '2022-04-13T03:04:36.584151Z' 14 | published: '2020-07-01T00:00:07.312045Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13704 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: 917fcda0ad78ff0f444e9807838b1e4b86349cd0 27 | - fixed: 5d65cbe1f7d677a22c0fca593dcae1aebf8cf35b 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-440.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-440 2 | summary: UNKNOWN READ in r_uleb128 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13915 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | r_uleb128 10 | parse_class 11 | dex_loadcode 12 | ``` 13 | modified: '2022-04-13T03:04:36.683164Z' 14 | published: '2020-07-01T00:00:09.710794Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13915 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: 3f4580b0319ec4a4bcaa2fc8fbd608be948ec054 27 | - fixed: 118bf6a693ef0a349959919fd6217e70a26ddf62 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-490.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-490 2 | summary: Heap-double-free in _free_resources 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12945 5 | 6 | ``` 7 | Crash type: Heap-double-free 8 | Crash state: 9 | _free_resources 10 | r_list_delete 11 | r_list_purge 12 | ``` 13 | modified: '2022-04-13T03:04:36.610309Z' 14 | published: '2020-07-01T00:00:12.658645Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12945 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: b022c9533482a8f1c9ae825ced5c1a3e251837d9 27 | - fixed: 149cb3587e4cd3928f8f56553ecfeaac15452585 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-574.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-574 2 | summary: Negative-size-param in r_buf_read 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14832 5 | 6 | ``` 7 | Crash type: Negative-size-param 8 | Crash state: 9 | r_buf_read 10 | bin_pe_get_certificate 11 | bin_pe_init 12 | ``` 13 | modified: '2022-04-13T03:04:36.642767Z' 14 | published: '2020-07-01T00:00:17.857259Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14832 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: 66f7403245c923c192019ef0219f67b9928b39da 27 | - fixed: 9392fc7117dd5240c76d8ab81d84b482bc968339 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-625.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-625 2 | summary: Heap-buffer-overflow in r_read_le32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13945 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | r_read_le32 10 | r_read_le64 11 | is_kernelcache 12 | ``` 13 | modified: '2022-04-13T03:04:36.511291Z' 14 | published: '2020-07-01T00:00:21.112433Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13945 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: 2f9873bdf176c462b72a171044c10a8763689e89 27 | - fixed: d271da09ab6cf4817cfabede153e6bd547118cdd 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-642.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-642 2 | summary: Stack-use-after-return in sdb_itoa 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12751 5 | 6 | ``` 7 | Crash type: Stack-use-after-return WRITE 1 8 | Crash state: 9 | sdb_itoa 10 | _parse_resource_directory 11 | _parse_resource_directory 12 | ``` 13 | modified: '2022-04-13T03:04:36.704321Z' 14 | published: '2020-07-01T00:00:22.087933Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12751 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: b022c9533482a8f1c9ae825ced5c1a3e251837d9 27 | - fixed: 56f5eaf18ed51fbf279a1911224be9863e8e4285 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-677.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-677 2 | summary: Heap-buffer-overflow in load 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15007 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | load 10 | r_bin_object_new 11 | r_bin_file_new_from_buffer 12 | ``` 13 | modified: '2022-04-13T03:04:36.599691Z' 14 | published: '2020-07-01T00:00:24.199741Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15007 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: a875795bb5d8c216fa17d685b49784c4d5c93f87 27 | - fixed: 9392fc7117dd5240c76d8ab81d84b482bc968339 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-694.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-694 2 | summary: Heap-buffer-overflow in r_read_le32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13942 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | r_read_le32 10 | is_kernelcache 11 | check_bytes 12 | ``` 13 | modified: '2022-04-13T03:04:36.688296Z' 14 | published: '2020-07-01T00:00:25.229524Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13942 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: 118bf6a693ef0a349959919fd6217e70a26ddf62 27 | - fixed: d271da09ab6cf4817cfabede153e6bd547118cdd 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-7.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-7 2 | summary: Segv on unknown address in pvector_free_elem 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22734 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | pvector_free_elem 10 | vector_free_elems 11 | r_vector_clear 12 | ``` 13 | modified: '2022-04-13T03:04:36.625957Z' 14 | published: '2020-06-24T01:51:09.499211Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22734 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: 0b91114d7d528f88e3b85f40c6bd1eabb0ee6319 27 | - fixed: ee9025c9170c15dea5e68d4d5179d41e78868493 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2020-722.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-722 2 | summary: Heap-buffer-overflow in r_buf_read 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15218 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE {*} 8 | Crash state: 9 | r_buf_read 10 | parse_function_starts 11 | init_items 12 | ``` 13 | modified: '2022-04-13T03:04:36.653138Z' 14 | published: '2020-07-01T00:00:26.690009Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15218 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radare/radare2 25 | events: 26 | - introduced: 66f7403245c923c192019ef0219f67b9928b39da 27 | - fixed: 2ec8d3c9f2103c7da8bcb7d864db000b9e93a05a 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/radare2/OSV-2021-1786.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1786 2 | summary: Segv on unknown address in r_buf_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43092 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | r_buf_free 10 | destroy 11 | r_bin_file_free 12 | ``` 13 | modified: '2022-04-13T03:04:36.579017Z' 14 | published: '2021-12-31T00:00:11.428301Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43092 18 | affected: 19 | - package: 20 | name: radare2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/radareorg/radare2 25 | events: 26 | - introduced: 3b04d3ef4093dafeff72e22589a3598ca0202ac9 27 | - fixed: 500686304a355ef007875d841c848275487f7626 28 | ecosystem_specific: 29 | severity: null 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/readstat/OSV-2020-474.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-474 2 | summary: Bad-free in spss_varinfo_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12595 5 | 6 | ``` 7 | Crash type: Bad-free 8 | Crash state: 9 | spss_varinfo_free 10 | sav_read_variable_record 11 | sav_parse_records_pass2 12 | ``` 13 | modified: '2022-04-13T03:04:40.630289Z' 14 | published: '2020-07-01T00:00:11.710738Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12595 18 | affected: 19 | - package: 20 | name: readstat 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/WizardMac/ReadStat 25 | events: 26 | - introduced: d2b73886878945df2b95d3c76d13df508f41f0b4 27 | - fixed: 14265e717e48fc877697a27f1bee232116ce21e5 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/serenity/OSV-2021-445.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-445 2 | summary: Global-buffer-overflow in AK::StringView::operator== 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31338 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 1 8 | Crash state: 9 | AK::StringView::operator== 10 | = 11 | Markdown::Table::parse 12 | ``` 13 | modified: '2022-04-13T03:04:32.160533Z' 14 | published: '2021-02-25T00:00:11.169626Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31338 18 | affected: 19 | - package: 20 | name: serenity 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/SerenityOS/serenity 25 | events: 26 | - introduced: 31ac93d051be5be78419ed16da9fcae9783eb4e6 27 | - fixed: 42133a196a0bea83705b5947921d5c7e5b9f201d 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/serenity/OSV-2021-514.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-514 2 | summary: UNKNOWN READ in _fini 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31953 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | _fini 10 | ``` 11 | modified: '2022-04-13T03:04:32.242907Z' 12 | published: '2021-03-12T00:00:13.850530Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31953 16 | affected: 17 | - package: 18 | name: serenity 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/SerenityOS/serenity 23 | events: 24 | - introduced: 51b880b0383089822f513330cd64f93b54b9f21c 25 | - fixed: 09bd5f8772156f0031a3fa914bed2371429d09a0 26 | ecosystem_specific: 27 | severity: MEDIUM 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/simdjson/OSV-2020-2119.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-2119 2 | summary: UNKNOWN READ in numberparsing.h 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26858 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | numberparsing.h 10 | ``` 11 | modified: '2022-04-13T03:04:31.438301Z' 12 | published: '2020-11-02T00:00:15.881957Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26858 16 | affected: 17 | - package: 18 | name: simdjson 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/simdjson/simdjson.git 23 | events: 24 | - introduced: b7fe764e6c55d112f4f52f72b58ea3e0893a9120 25 | - fixed: 0b82f071157db9848f45dd8cf07ced05c8eb8022 26 | ecosystem_specific: 27 | severity: MEDIUM 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/stb/OSV-2020-1478.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1478 2 | summary: Heap-buffer-overflow in load_jpeg_image 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23153 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | load_jpeg_image 10 | stbi__jpeg_load 11 | stbi__load_main 12 | ``` 13 | modified: '2022-04-13T03:04:40.801582Z' 14 | published: '2020-07-28T00:00:27.954104Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23153 18 | affected: 19 | - package: 20 | name: stb 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/nothings/stb.git 25 | events: 26 | - introduced: f54acd4e13430c5122cab4ca657705c84aa61b08 27 | - fixed: 5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/sudoers/OSV-2021-1122.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1122 2 | summary: Heap-double-free in sudoers_gc_run 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37056 5 | 6 | ``` 7 | Crash type: Heap-double-free 8 | Crash state: 9 | sudoers_gc_run 10 | fuzz_policy.c 11 | resolve_editor 12 | ``` 13 | modified: '2022-04-13T03:04:39.321318Z' 14 | published: '2021-08-12T00:01:58.667720Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37056 18 | affected: 19 | - package: 20 | name: sudoers 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/sudo-project/sudo 25 | events: 26 | - introduced: 9798fd86bf14122098474544ca8ebc32815d242f 27 | - fixed: ffdd7920cd98b495a42775bb35012ec259e33a46 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/sudoers/OSV-2021-413.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-413 2 | summary: UNKNOWN WRITE in sudo_user_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31042 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | sudo_user_free 10 | sudoers_policy_close 11 | fuzz_policy.c 12 | ``` 13 | modified: '2022-04-13T03:04:39.331541Z' 14 | published: '2021-02-18T00:02:34.207161Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31042 18 | affected: 19 | - package: 20 | name: sudoers 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/sudo-project/sudo 25 | events: 26 | - introduced: d2350833420195c1d10d957699524f5b229da454 27 | - fixed: ae3a098d2f0988b63a780523a006a3db8e8b3872 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/sudoers/OSV-2021-441.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-441 2 | summary: UNKNOWN WRITE in sudoers_lookup_check 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31250 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | sudoers_lookup_check 10 | sudoers_lookup 11 | fuzz_sudoers.c 12 | ``` 13 | modified: '2022-04-13T03:04:39.326513Z' 14 | published: '2021-02-24T00:00:14.005613Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31250 18 | affected: 19 | - package: 20 | name: sudoers 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/sudo-project/sudo 25 | events: 26 | - introduced: df42c0c1d252db7528ab0dbf6c7b1aeaf0e2a4c7 27 | - fixed: 322e0b3693fa43d281ffe082a1e08e523e8dd17f 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/suricata/OSV-2021-1634.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1634 2 | summary: Dynamic-stack-buffer-overflow in OutputJsonDNP3SetItem 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41487 5 | 6 | ``` 7 | Crash type: Dynamic-stack-buffer-overflow READ 4 8 | Crash state: 9 | OutputJsonDNP3SetItem 10 | JsonDNP3LogObjects 11 | JsonDNP3LogResponse 12 | ``` 13 | modified: '2022-04-13T03:04:32.759081Z' 14 | published: '2021-11-30T00:00:09.401031Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41487 18 | affected: 19 | - package: 20 | name: suricata 21 | ecosystem: OSS-Fuzz 22 | ecosystem_specific: 23 | severity: null 24 | versions: [] 25 | -------------------------------------------------------------------------------- /vulns/suricata/OSV-2022-1162.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-1162 2 | summary: Null-dereference READ 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53181 5 | 6 | ``` 7 | Crash type: Null-dereference READ 8 | Crash state: 9 | NULL``` 10 | modified: '2022-11-11T13:00:54.864997Z' 11 | published: '2022-11-11T13:00:54.864747Z' 12 | references: 13 | - type: REPORT 14 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53181 15 | affected: 16 | - package: 17 | name: suricata 18 | ecosystem: OSS-Fuzz 19 | purl: pkg:generic/suricata 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/OISF/suricata.git 23 | events: 24 | - introduced: 41d529fb24f18e142a16abbb5707fff9e916a202 25 | - fixed: a4239d433a9804f0893a1e8989211e7ee8b82fef 26 | ecosystem_specific: 27 | severity: null 28 | versions: [] 29 | schema_version: 1.3.0 30 | -------------------------------------------------------------------------------- /vulns/systemd/OSV-2018-124.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-124 2 | summary: UNKNOWN READ in netdev_get 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11314 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | netdev_get 10 | config_parse_netdev 11 | next_assignment 12 | ``` 13 | modified: '2022-04-13T03:04:40.083762Z' 14 | published: '2021-01-13T00:00:56.086232Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11314 18 | affected: 19 | - package: 20 | name: systemd 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/systemd/systemd 25 | events: 26 | - introduced: 212bd73c788c464c2e19596a102feed848cb78fa 27 | - fixed: 212bd73c788c464c2e19596a102feed848cb78fa 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/systemd/OSV-2018-191.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-191 2 | summary: Heap-buffer-overflow in network_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11302 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 8 8 | Crash state: 9 | network_free 10 | manager_free 11 | fuzz-network-parser.c 12 | ``` 13 | modified: '2022-04-13T03:04:40.109027Z' 14 | published: '2021-01-13T00:01:20.005684Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11302 18 | affected: 19 | - package: 20 | name: systemd 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/systemd/systemd 25 | events: 26 | - introduced: 212bd73c788c464c2e19596a102feed848cb78fa 27 | - fixed: 212bd73c788c464c2e19596a102feed848cb78fa 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/systemd/OSV-2018-90.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2018-90 2 | summary: Heap-buffer-overflow in wireguard_done 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11279 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 8 8 | Crash state: 9 | wireguard_done 10 | netdev_free 11 | netdev_unref 12 | ``` 13 | modified: '2022-04-13T03:04:40.078752Z' 14 | published: '2021-01-13T00:00:40.905035Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11279 18 | affected: 19 | - package: 20 | name: systemd 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/systemd/systemd 25 | events: 26 | - introduced: e27aac11f26e6e42d14939e9348b2723f2d532ac 27 | - fixed: e27aac11f26e6e42d14939e9348b2723f2d532ac 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/systemd/OSV-2021-418.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-418 2 | summary: Heap-double-free in mfree 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31055 5 | 6 | ``` 7 | Crash type: Heap-double-free 8 | Crash state: 9 | mfree 10 | parse_path_argument 11 | systemctl_parse_argv 12 | ``` 13 | modified: '2022-04-13T03:04:40.068602Z' 14 | published: '2021-02-19T00:02:40.501688Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31055 18 | affected: 19 | - package: 20 | name: systemd 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/systemd/systemd 25 | events: 26 | - introduced: 425ac7a253321b8e8d1b0a0f7a173892a3abc385 27 | - fixed: 5800f0fc682baccb24ae076b3ffea0a548812486 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/tcmalloc/OSV-2023-388.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2023-388 2 | summary: Heap-buffer-overflow 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58786 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 4 8 | Crash state: 9 | NULL``` 10 | modified: '2023-05-11T14:00:53.703051Z' 11 | published: '2023-05-11T14:00:53.702804Z' 12 | references: 13 | - type: REPORT 14 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58786 15 | affected: 16 | - package: 17 | name: tcmalloc 18 | ecosystem: OSS-Fuzz 19 | purl: pkg:generic/tcmalloc 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/google/tcmalloc 23 | events: 24 | - introduced: c33cb2d8935002f8ba942028a1f0871d075345a1 25 | - fixed: 200f3b2b1ce4012433495d4f7281cbbb740b7004 26 | ecosystem_specific: 27 | severity: MEDIUM 28 | versions: [] 29 | schema_version: 1.4.0 30 | -------------------------------------------------------------------------------- /vulns/unicorn/OSV-2020-231.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-231 2 | summary: UNKNOWN WRITE in gen_mftr 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20081 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | gen_mftr 10 | ``` 11 | modified: '2022-04-13T03:04:39.209952Z' 12 | published: '2020-06-26T00:00:06.484913Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20081 16 | affected: 17 | - package: 18 | name: unicorn 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/unicorn-engine/unicorn.git 23 | events: 24 | - introduced: 7e4ac9e86ef286c1418ea32aaf5b48646a952ac4 25 | - fixed: ec2e4544819b2ef0ecd297ba331d4f2172b77245 26 | ecosystem_specific: 27 | severity: HIGH 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/unicorn/OSV-2021-1554.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1554 2 | summary: UNKNOWN READ in helper_uc_tracecode 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40797 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | helper_uc_tracecode 10 | ``` 11 | modified: '2022-04-13T03:04:39.199365Z' 12 | published: '2021-11-09T00:00:29.449611Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40797 16 | affected: 17 | - package: 18 | name: unicorn 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/unicorn-engine/unicorn.git 23 | events: 24 | - introduced: 34ddafcbcf6d16508a63623a68715394ea4e12d8 25 | - fixed: 34ddafcbcf6d16508a63623a68715394ea4e12d8 26 | ecosystem_specific: 27 | severity: MEDIUM 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/usrsctp/OSV-2021-343.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-343 2 | summary: Heap-use-after-free in sctp_sorecvmsg 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30571 5 | 6 | ``` 7 | Crash type: Heap-use-after-free READ 8 8 | Crash state: 9 | sctp_sorecvmsg 10 | usrsctp_recvv 11 | handle_upcall 12 | ``` 13 | modified: '2022-04-13T03:04:42.623897Z' 14 | published: '2021-02-10T00:00:18.193322Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30571 18 | affected: 19 | - package: 20 | name: usrsctp 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/sctplab/usrsctp 25 | events: 26 | - introduced: 37a9dc3e18bfdcc972946dff0206155cee6b5dd0 27 | ecosystem_specific: 28 | severity: HIGH 29 | versions: [] 30 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-1061.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-1061 2 | summary: UNKNOWN WRITE in CompileBlock 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36551 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | CompileBlock 10 | CompileElseBlock 11 | Compile_If 12 | ``` 13 | modified: '2022-08-31T00:17:06.038315Z' 14 | published: '2021-07-26T00:00:19.072681Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36551 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wasm3/wasm3 25 | events: 26 | - introduced: 1aa41b90649a44cde14e3700e11f7feb4c9865fe 27 | - fixed: 321ba58316e77b5f4d977897aaa4bdbe43a5e38b 28 | versions: 29 | - v0.5.0 30 | ecosystem_specific: 31 | severity: HIGH 32 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-642.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-642 2 | summary: Heap-buffer-overflow in op_Const64 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33318 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 8 8 | Crash state: 9 | op_Const64 10 | EvaluateExpression 11 | InitElements 12 | ``` 13 | modified: '2022-04-13T03:04:30.656599Z' 14 | published: '2021-04-17T00:00:10.657238Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33318 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wasm3/wasm3 25 | events: 26 | - introduced: 64a22dcdc3e4239cb91b153d25c8b5bb2fac430e 27 | - fixed: b48695bb940e55c0baa0a3d5740cf48e03643b58 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-660.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-660 2 | summary: UNKNOWN READ in op_BranchIfPrologue_s 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33397 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | op_BranchIfPrologue_s 10 | m3_CallVL 11 | m3_CallV 12 | ``` 13 | modified: '2022-04-13T03:04:30.630968Z' 14 | published: '2021-04-20T00:00:13.765122Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33397 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wasm3/wasm3 25 | events: 26 | - introduced: 4c19660109617c34a4b755ab2ab7f3002ea498b2 27 | - fixed: 12a5277ec0977af493530b704a5a16e28f734788 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-676.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-676 2 | summary: Heap-buffer-overflow in op_Const64 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33554 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow WRITE 8 8 | Crash state: 9 | op_Const64 10 | EvaluateExpression 11 | m3_LoadModule 12 | ``` 13 | modified: '2022-08-31T00:19:46.676843Z' 14 | published: '2021-04-23T00:00:13.384468Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33554 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wasm3/wasm3 25 | events: 26 | - introduced: 555f3ee408e736dd331534d01c37b526a6085d36 27 | - fixed: 321ba58316e77b5f4d977897aaa4bdbe43a5e38b 28 | versions: 29 | - v0.5.0 30 | ecosystem_specific: 31 | severity: HIGH 32 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-678.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-678 2 | summary: UNKNOWN WRITE in CompileBlock 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33555 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | CompileBlock 10 | Compile_LoopOrBlock 11 | CompileBlockStatements 12 | ``` 13 | modified: '2022-08-31T00:21:39.438080Z' 14 | published: '2021-04-23T00:00:13.900793Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33555 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wasm3/wasm3 25 | events: 26 | - introduced: ef7c7f3a7578b9ed362cfbd0d1c6f065678df531 27 | - fixed: 321ba58316e77b5f4d977897aaa4bdbe43a5e38b 28 | versions: 29 | - v0.5.0 30 | ecosystem_specific: 31 | severity: HIGH 32 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-689.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-689 2 | summary: UNKNOWN WRITE in Runtime_Release 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33689 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | Runtime_Release 10 | EvaluateExpression 11 | InitDataSegments 12 | ``` 13 | modified: '2022-04-13T03:04:30.620813Z' 14 | published: '2021-04-27T00:01:03.314259Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33689 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wasm3/wasm3 25 | events: 26 | - introduced: 64a22dcdc3e4239cb91b153d25c8b5bb2fac430e 27 | versions: 28 | - v0.5.0 29 | ecosystem_specific: 30 | severity: HIGH 31 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-698.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-698 2 | summary: UNKNOWN READ in m3_Realloc 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33744 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | m3_Realloc 10 | InitMemory 11 | CompileBlockStatements 12 | ``` 13 | modified: '2022-04-13T03:04:30.686964Z' 14 | published: '2021-04-28T00:01:10.793206Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33744 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wasm3/wasm3 25 | events: 26 | - introduced: 0d76b81c4b109272b2d98c91cb3776c8aa36befd 27 | - fixed: 6bb612ccbfd5f8993a07a99092fab534722df1c3 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-700.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-700 2 | summary: UNKNOWN READ in ReadLEB_u32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33749 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | ReadLEB_u32 10 | InitElements 11 | Compile_ExtendedOpcode 12 | ``` 13 | modified: '2022-04-13T03:04:30.651451Z' 14 | published: '2021-04-29T00:00:12.162949Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33749 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wasm3/wasm3 25 | events: 26 | - introduced: 8cb2fd424309fa6ff70cf00bfcedc4e66d3355c0 27 | - fixed: 6bb612ccbfd5f8993a07a99092fab534722df1c3 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2021-728.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-728 2 | summary: UNKNOWN WRITE in _fini 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33944 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | _fini 10 | ``` 11 | modified: '2022-04-13T03:04:30.671774Z' 12 | published: '2021-05-05T00:00:31.085366Z' 13 | references: 14 | - type: REPORT 15 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33944 16 | affected: 17 | - package: 18 | name: wasm3 19 | ecosystem: OSS-Fuzz 20 | ranges: 21 | - type: GIT 22 | repo: https://github.com/wasm3/wasm3 23 | events: 24 | - introduced: 8cb2fd424309fa6ff70cf00bfcedc4e66d3355c0 25 | - fixed: 6bb612ccbfd5f8993a07a99092fab534722df1c3 26 | ecosystem_specific: 27 | severity: HIGH 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/wasm3/OSV-2022-784.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-784 2 | summary: Segv on unknown address in FreeCodePages 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50593 5 | 6 | ``` 7 | Crash type: Segv on unknown address 8 | Crash state: 9 | FreeCodePages 10 | m3_FreeEnvironment 11 | fuzzer.c 12 | ``` 13 | modified: '2022-08-26T00:01:54.152914Z' 14 | published: '2022-08-26T00:01:54.152651Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50593 18 | affected: 19 | - package: 20 | name: wasm3 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/wasm3 23 | ranges: 24 | - type: GIT 25 | repo: https://github.com/wasm3/wasm3 26 | events: 27 | - introduced: 7608ca25e6a41b82f628eec22e8d885751308f0b 28 | versions: 29 | - v0.5.0 30 | ecosystem_specific: 31 | severity: null 32 | schema_version: 1.3.0 33 | -------------------------------------------------------------------------------- /vulns/wavpack/OSV-2020-48.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-48 2 | summary: UNKNOWN READ in decode_fast 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20448 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | decode_fast 10 | unpack_dsd_samples 11 | WavpackUnpackSamples 12 | ``` 13 | modified: '2022-04-13T03:04:42.371093Z' 14 | published: '2020-06-24T01:51:11.743367Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20448 18 | affected: 19 | - package: 20 | name: wavpack 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/dbry/WavPack.git 25 | events: 26 | - introduced: 540cdc7a5afb0884f4732735b43f9ababf658789 27 | - fixed: eefe90e7724a0ffce730655f417e34336b6d0a2b 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/wget2/OSV-2020-408.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-408 2 | summary: Heap-buffer-overflow in _iri_unescape_inline 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14428 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 1 8 | Crash state: 9 | _iri_unescape_inline 10 | wget_iri_parse 11 | test 12 | ``` 13 | modified: '2022-04-13T03:04:41.747993Z' 14 | published: '2020-07-01T00:00:07.867096Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14428 18 | affected: 19 | - package: 20 | name: wget2 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://gitlab.com/gnuwget/wget2.git 25 | events: 26 | - introduced: 8df8100af928f0377ee79a3886f4929fca9fb206 27 | - fixed: 6e5c820cf7a1d54b7732af3c6a3c9727d4bd78bf 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/wireshark/OSV-2020-557.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-557 2 | summary: Global-buffer-overflow in dissect_snmp_PDUs 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18816 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 4 8 | Crash state: 9 | dissect_snmp_PDUs 10 | dissect_ber_choice 11 | dissect_snmp_RegisterResponse 12 | ``` 13 | modified: '2022-04-13T03:04:37.855035Z' 14 | published: '2020-07-01T00:00:16.823057Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18816 18 | affected: 19 | - package: 20 | name: wireshark 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://gitlab.com/wireshark/wireshark.git 25 | events: 26 | - introduced: 14d398fe67c1da7b1554a52714b513d86f78e424 27 | - fixed: 7cbe0b2e1580686af3e13df83577cc581668950e 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/wireshark/OSV-2020-570.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-570 2 | summary: Global-buffer-overflow in decode_tlv 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13542 5 | 6 | ``` 7 | Crash type: Global-buffer-overflow READ 4 8 | Crash state: 9 | decode_tlv 10 | dissect_noe 11 | call_dissector_work 12 | ``` 13 | modified: '2022-04-13T03:04:37.816713Z' 14 | published: '2020-07-01T00:00:17.578359Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13542 18 | affected: 19 | - package: 20 | name: wireshark 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://gitlab.com/wireshark/wireshark.git 25 | events: 26 | - introduced: 00318b3267c22528134ffefa026f9a46abc3f5f9 27 | - fixed: b8b582af3d54b924c6ae89cfaaa47ce1cbd3c958 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/wireshark/OSV-2021-269.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-269 2 | summary: Stack-use-after-return in sta_prop_equal_fn 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30192 5 | 6 | ``` 7 | Crash type: Stack-use-after-return READ 6 8 | Crash state: 9 | sta_prop_equal_fn 10 | wmem_map_insert 11 | dissect_ieeeNUMBER_common 12 | ``` 13 | modified: '2022-04-13T03:04:37.801763Z' 14 | published: '2021-02-04T00:00:11.295257Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30192 18 | affected: 19 | - package: 20 | name: wireshark 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://gitlab.com/wireshark/wireshark.git 25 | events: 26 | - introduced: fb2a0b4a71b134a2830e39b6493a4007818ceda6 27 | - fixed: 910c489a4a77b297052873be2e018bc98f0f77be 28 | versions: [] 29 | -------------------------------------------------------------------------------- /vulns/wireshark/OSV-2023-152.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2023-152 2 | summary: UNKNOWN READ in dissect_oran_c_section 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56724 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | dissect_oran_c_section 10 | dissect_oran 11 | call_dissector_work 12 | ``` 13 | modified: '2023-03-07T13:00:13.697607Z' 14 | published: '2023-03-07T13:00:13.697350Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56724 18 | affected: 19 | - package: 20 | name: wireshark 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/wireshark 23 | ecosystem_specific: 24 | severity: MEDIUM 25 | versions: [] 26 | schema_version: 1.3.0 27 | -------------------------------------------------------------------------------- /vulns/wolfssl/OSV-2020-2008.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-2008 2 | summary: UNKNOWN WRITE in wolfCrypt_custom_free 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26214 5 | 6 | ``` 7 | Crash type: UNKNOWN WRITE 8 | Crash state: 9 | wolfCrypt_custom_free 10 | wolfSSL_Free 11 | GetDhPublicKey 12 | ``` 13 | modified: '2022-04-13T03:04:35.700900Z' 14 | published: '2020-10-10T00:00:12.931523Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26214 18 | affected: 19 | - package: 20 | name: wolfssl 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/wolfssl/wolfssl 25 | events: 26 | - introduced: 2ed8f93592e0a2d97296c5c7f12584378a6fb502 27 | - fixed: a4bfa0dec78d2e427480a550b45c172e3a69c107 28 | ecosystem_specific: 29 | severity: HIGH 30 | versions: [] 31 | -------------------------------------------------------------------------------- /vulns/wolfssl/OSV-2022-840.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2022-840 2 | summary: Negative-size-param in wc_Sha3_256_Final 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50953 5 | 6 | ``` 7 | Crash type: Negative-size-param 8 | Crash state: 9 | wc_Sha3_256_Final 10 | wc_Hash 11 | wc_RsaPad_ex 12 | ``` 13 | modified: '2022-09-05T00:00:13.232811Z' 14 | published: '2022-09-05T00:00:13.232523Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50953 18 | affected: 19 | - package: 20 | name: wolfssl 21 | ecosystem: OSS-Fuzz 22 | purl: pkg:generic/wolfssl 23 | ecosystem_specific: 24 | severity: null 25 | versions: [] 26 | schema_version: 1.2.0 27 | -------------------------------------------------------------------------------- /vulns/yara/OSV-2020-1379.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2020-1379 2 | summary: Heap-buffer-overflow in dotnet_parse_com 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8901 5 | 6 | ``` 7 | Crash type: Heap-buffer-overflow READ 16 8 | Crash state: 9 | dotnet_parse_com 10 | dotnet__load 11 | yr_modules_load 12 | ``` 13 | modified: '2022-07-01T00:04:10.449501Z' 14 | published: '2020-07-28T00:00:05.738705Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8901 18 | affected: 19 | - package: 20 | name: yara 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/VirusTotal/yara.git 25 | events: 26 | - introduced: aa182b4f928e54189fe51606d4dc419e7b27022f 27 | - fixed: 7493247020e24407f120b6b29f6dd43c883e2f21 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | -------------------------------------------------------------------------------- /vulns/zstd/OSV-2021-727.yaml: -------------------------------------------------------------------------------- 1 | id: OSV-2021-727 2 | summary: UNKNOWN READ in MEM_read32 3 | details: | 4 | OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33956 5 | 6 | ``` 7 | Crash type: UNKNOWN READ 8 | Crash state: 9 | MEM_read32 10 | ZSTD_compressBlock_greedy_extDict_row 11 | ZSTD_ldm_blockCompress 12 | ``` 13 | modified: '2022-04-13T03:04:31.680876Z' 14 | published: '2021-05-05T00:00:30.975717Z' 15 | references: 16 | - type: REPORT 17 | url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33956 18 | affected: 19 | - package: 20 | name: zstd 21 | ecosystem: OSS-Fuzz 22 | ranges: 23 | - type: GIT 24 | repo: https://github.com/facebook/zstd 25 | events: 26 | - introduced: 0b370e9da8072c7fc967985e27a794b48555a6c7 27 | - fixed: d40f55cd950919d7eac951b122668e55e33e5202 28 | ecosystem_specific: 29 | severity: MEDIUM 30 | versions: [] 31 | --------------------------------------------------------------------------------