tbeu / matio

MATLAB MAT File I/O Library
https://matio.sourceforge.io
BSD 2-Clause "Simplified" License

Security vulnerabilities reported by OSS-Fuzz #167

Closed TomHaii closed 3 years ago

TomHaii commented 3 years ago

Hi @tbeu, I am looking at a new open source security vulnerabilities database, OSV. OSV extracts information from OSS-Fuzz issues and reports them as vulnerabilities, each with a unique identifier. I noticed a batch of OSS-Fuzz issues with the same "Fixed In" commit, which links to a change in the OSS-Fuzz configuration of matio. For example: https://osv.dev/vulnerability/OSV-2020-871 https://osv.dev/vulnerability/OSV-2020-859 https://osv.dev/vulnerability/OSV-2020-858 https://osv.dev/vulnerability/OSV-2020-842

The commit: https://github.com/tbeu/matio/commit/1ce8f2d1845ecdde19a35605cabdbb884776d52d.

Would you be kind enough to explain how these issues were produced and whether they are actual vulnerabilities?

Thanks!

tbeu commented 3 years ago

See also https://github.com/HDFGroup/hdf5/issues/272.