fuzz-ai
@fuzz-ai
52
An early-stage startup building software correctness tools.
Followers
19
Following
12
Website
http://www.fuzz.ai/
Created
December 2, 2018
fuzz-ai
utopian-io
2018-12-24 07:36
RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message
Thinking about this a little more, I was worried you might have been right about nested JSON objects, and that deeply-nested JSON objects in the JSON-RPC API could still cause the thread to die because
$ 0.024
1
fuzz-ai
utopian-io
2018-12-20 22:09
RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message
I thought that custom_json ops didn't use the C++ variant type, but just a JSON string. There is a bug in the JSON parser, but not an exploitable one in the way it is used. But I haven't looked at that
$ 0.025
1
1
fuzz-ai
software
2018-12-20 22:06
RE: A Memory Exhaustion Attack Against the Steem Blockchain
I haven't identified other good entry points for fuzzing yet; one of the things I'm building is tooling that will make it easier to do so and construct the harness automatically. There are also fuzzing
$ 0.000
0
fuzz-ai
steem
2018-12-18 06:27
RE: SOS Daily News : all you need to know about the State of Steem @ 16 December 2018
Pennsif, I wrote up an article on the security vulnerability patched in 0.20.7 and 0.20.8, which answers some of the questions people may have about why a change was needed:
$ 0.000
0
fuzz-ai
witness
2018-12-18 06:23
RE: Witness Update - v0.20.7 installed and my Witness Votes by @c0ff33a
Thanks for upgrading so promptly. I published my article describing the security vulnerability today:
$ 0.000
0
fuzz-ai
witness-update
2018-12-18 06:20
RE: [Security Update!] Steem-in-a-box updated for 0.20.7
As promised:
$ 0.000
0
fuzz-ai
witness-update
2018-12-17 07:03
RE: [Security Update!] Steem-in-a-box updated for 0.20.7
I'll have an article up about that in a couple days (I was the one who found the bug.)
$ 0.000
0