-
Notifications
You must be signed in to change notification settings - Fork 8
/
25402.json
82 lines (82 loc) · 4.35 KB
/
25402.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
{
"fix": "https://github.com/beltoforion/muparser/commit/322716256d60e316c9a3b905a387be36d4e47368",
"verify": "0",
"localId": 25402,
"project": "muparser",
"fuzzer": "libfuzzer",
"sanitizer": "asan",
"crash_type": "Heap-buffer-overflow READ 8",
"severity": "Medium",
"report": {
"comments": [
{
"projectName": "oss-fuzz",
"localId": 25402,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1599171304,
"content": "Detailed Report: https://oss-fuzz.com/testcase?key=5758791700971520\n\nProject: muparser\nFuzzing Engine: libFuzzer\nFuzz Target: set_eval_fuzzer\nJob Type: libfuzzer_asan_muparser\nPlatform Id: linux\n\nCrash Type: Heap-buffer-overflow READ 8\nCrash Address: 0x613000000380\nCrash State:\n mu::ParserBase::ParseCmdCodeBulk\n mu::ParserBase::ParseString\n set_eval_fuzzer.cc\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nCrash Revision: https://oss-fuzz.com/revisions?job=libfuzzer_asan_muparser&revision=202009030626\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5758791700971520\n\nIssue filed automatically.\n\nSee https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.",
"descriptionNum": 1
},
{
"projectName": "oss-fuzz",
"localId": 25402,
"sequenceNum": 1,
"commenter": {
"userId": "1950284618",
"displayName": "sheriffbot"
},
"timestamp": 1599250573,
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "Disclosure-2020-12-02"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 25402,
"sequenceNum": 2,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1600354108,
"content": "ClusterFuzz testcase 5758791700971520 is verified as fixed in https://oss-fuzz.com/revisions?job=libfuzzer_asan_muparser&range=202009160611:202009170617\n\nIf this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new",
"amendments": [
{
"fieldName": "Status",
"newOrDeltaValue": "Verified",
"oldValue": "New"
},
{
"fieldName": "Labels",
"newOrDeltaValue": "ClusterFuzz-Verified"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 25402,
"sequenceNum": 3,
"commenter": {
"userId": "1950284618",
"displayName": "sheriffbot"
},
"timestamp": 1602960436,
"content": "This bug has been fixed for 30 days. It has been opened to the public.\n\n- Your friendly Sheriffbot",
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "-restrict-view-commit"
}
]
}
]
},
"fix_commit": "322716256d60e316c9a3b905a387be36d4e47368",
"repo_addr": "https://github.com/beltoforion/muparser.git"
}