Add a test about CVE-2022-37454 #143

Merged
merged 2 commits into from
Oct 21, 2022


dinosaure
Member

This PR adds a simple test for CVE-2022-37454, as reported in this article: https://mouha.be/sha-3-buffer-overflow/. Fortunately, it seems that we don't have the bug in the C implementation. However, the test takes a long time and we don't systematically run it in our CI (/cc @hannesm who pointed out the CVE).

@dinosaure
Member Author

The test fails on 32-bit architectures. We should probably create a new executable which can be executed only on 64-bit architectures.

@dinosaure dinosaure merged commit 195c825 into master Oct 21, 2022
@dinosaure dinosaure deleted the cve-2022-37454 branch October 21, 2022 13:12
dinosaure added a commit to dinosaure/opam-repository that referenced this pull request Mar 23, 2023
CHANGES:

- Add a test about CVE-2022-37454 (@dinosaure, mirage/digestif#143)
- Lint the distribution and delete the `pkg-config` dependency (@dinosuare, 1eff5c5)
- Fix primitives used for bytes and fix the support of `js_of_ocaml` 5 (@hhugo, mirage/digestif#144)