tbeu/matio

Security vulnerabilities reported by OSS-Fuzz

TomHaii opened this issue · 1 comments

Hi @tbeu, I am looking at a new open source security vulnerability database, OSV.
OSV extracts information from OSS-Fuzz issues and reports them as vulnerabilities using a unique identifier.
I noticed a batch of OSS-Issues with the same "Fixed In" commit, which links to a change in the OSS-Fuzz configuration of matio.
For example:
https://osv.dev/vulnerability/OSV-2020-871
https://osv.dev/vulnerability/OSV-2020-859
https://osv.dev/vulnerability/OSV-2020-858
https://osv.dev/vulnerability/OSV-2020-842

The commit: 1ce8f2d.

Would you be so kind as to explain how these issues were produced and whether they are actual vulnerabilities?

Thanks!