Releases: github/securitylab

Qualcomm-MSM

29 Nov 19:13
cbc3e4d

This CodeQL database captures a vulnerable snapshot of the Qualcomm MSM codebase from 7 May 2017 for the purpose of this blog post.

Powershell

29 Nov 21:54
cbc3e4d

This CodeQL database captures a vulnerable version of the PowerShell codebase. The "Zip Slip" vulnerability was announced by Snyk on June 5th 2018.

Libjpeg-Turbo (Patched for Variant Analysis)

29 Nov 18:44
cbc3e4d

This is a CodeQL database that captures the fixed version of libjpeg-turbo, following this vulnerable version published in this release.

Context:
The database was used as an example of variant analysis for a recent bugfix in libjpeg-turbo, an open-source image processing library.

Libjpeg-Turbo (Patched Version)

29 Nov 18:55
cbc3e4d

This is a CodeQL database that captures the fixed version of libjpeg-turbo, following this vulnerable version published in this release and the patched version for variant analysis published in this release. The first three results from this snapshot are actually true positives, which we reported.

Context:
The database was used as an example of variant analysis for a recent bugfix in libjpeg-turbo, an open-source image processing library.

Libjpeg-Turbo (Vulnerable Version)

29 Nov 18:40
cbc3e4d

This is a CodeQL database that captures a vulnerable snapshot of libjpeg-turbo.

Context:
The database was used as an example of variant analysis for a recent bugfix in libjpeg-turbo, an open-source image processing library.

Libssh2 (CVE-2019-13115)

29 Nov 19:03
cbc3e4d

This CodeQL database captures a vulnerable snapshot of libssh2 in which CVE-2019-13115 is present. You can learn more in this blog post.

Facebook Fizz (CVE-2019-3560)

29 Nov 18:36
cbc3e4d

This CodeQL database captures a snapshot of Facebook Fizz that is vulnerable to an integer overflow (CVE-2019-3560). Fizz contained a remotely triggerable infinite loop. For more details about the bug, see this blog post. A proof-of-concept exploit is available here.

Etherpad 1.6.2 (CVE-2018-6835)

29 Nov 22:26
cbc3e4d

This CodeQL database captures a vulnerable snapshot of the Etherpad 1.6.2 codebase, which contains CVE-2018-6835. You can learn more in this blog post.

Etherpad (Patched Version)

29 Nov 22:29
cbc3e4d

This CodeQL database captures a patched version of the previously vulnerable database. You can learn more from this blog post.

Etherpad 1.6.4 (Ineffective Patch)

29 Nov 22:37
cbc3e4d

This CodeQL database captures a version of the Etherpad codebase that remains vulnerable because of an ineffective patch, specifically a new sanitizer. You can learn more from this blog post.