Releases: github/securitylab
Qualcomm-MSM
This CodeQL database captures a vulnerable snapshot of the Qualcomm MSM codebase from 7 May 2017 for the purpose of this blog post.
Powershell
This CodeQL database captures a vulnerable version of the Powershell codebase. The "Zip Slip" vulnerability was announced on June 5th 2018, by Snyk.
Lipjpeg-Turbo (Patched for Variant Analysis)
This is a CodeQL database that captures the fixed version of libjpeg-turbo, following this vulnerable version published in this release.
Context:
The database was used as an example of variant analysis for a recent bugfix in libjpeg-turbo, an open-source image processing library.
Lipjpeg-Turbo (Patched Version)
This is a CodeQL database that captures the fixed version of libjpeg-turbo, following this vulnerable version published in this release and the patched version for variant analysis published in this release. The first three results from this snapshot are actually true positives, which we reported.
Context:
The database was used as an example of variant analysis for a recent bugfix in libjpeg-turbo, an open-source image processing library.
Libjpeg-Turbo (Vulnerable Version)
This is a CodeQL database that captures a vulnerable snapshot of libjpeg-turbo.
Context:
The database was used as an example of variant analysis for a recent bugfix in libjpeg-turbo, an open-source image processing library.
Libssh2 (CVE-2019-13115)
This CodeQL database captures a vulnerable snapshot of libssh2 where CVE-2019-13115 is presented. You can learn more in this blog post.
Facebook Fizz (CVE-2019-3560)
This CodeQL database captures a vulnerable snapshot of the Facebook Fizz integer overflow vulnerability (CVE-2019-3560). Fizz contained a remotely triggerable infinite loop. For more details about the bug, see this blog post. A proof-of-concept exploit is available here.
Etherpad 1.6.2 (CVE-2018-6835)
This CodeQL database captures a vulnerable snapshot of the Etherpad 1.6.2 codebase where there exists CVE-2018-6835. You can learn more on this blog post.
Etherpad (Patched Version)
This CodeQL database captures a patched version of the previously vulnerable database. You can learn more from this blog post.
Etherpad 1.6.4 (Ineffective Patch)
This CodeQL database captures a vulnerable version of the Etherpad codebase due to the implementation of an ineffective patch, specifically, a new sanitizer. You can learn more from this blog post.