[Python-modules-team] Fuzzing enzyme
Etienne Millon
etienne.millon at gmail.com
Sat Mar 14 15:04:59 UTC 2015
* Henri Salo <henri at nerv.fi> [150314 12:27]:
> Hi,
>
> I found several issues while fuzzing enzyme. I am planning to report these
> issues to Github upstream project. Do you want to get notified about created
> issues and do you want me to create Debian BTS items about these cases also?
>
> Most of these are probably not security related as it is userland cli tool crash
> and not e.g. CWE-400 <https://scapsync.com/cwe/CWE-400> type of denial of
> service issue.
>
> Used tools:
> http://lcamtuf.coredump.cx/afl/
> https://bitbucket.org/jwilk/python-afl
>
> In case you need more information or you want me to fuzz other Python tools
> please reply, thanks!
>
> --
> Henri Salo
Thanks for investigating enzyme.
I would indeed appreciate if you created an entry in the BTS for this
issue, that would be easier to track for me (and possibly the security
team depending on your findings).
I'm personally very interested in this fuzzing tool so I'm quite
curious if you have some information about your workflow with it, like
how you used it to find these particular bugs.
I maintain at least two other python tools that you may be interested
in:
- feedparser, a parser for RSS and Atom feeds.
- guessit, a parser that extract metadata from filenames only.
In particular feedparser has high popcon and downloads from the
network so I'm very interested in your findings.
Thanks!
--
Etienne Millon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20150314/1f460446/attachment.sig>
More information about the Python-modules-team
mailing list