Login
Discover
Waves
Decks
Upgrade
Login
Signup
52
fuzz-ai
An early-stage startup building software correctness tools.
Available
Used
Resource Credits
19 Followers
12 Following
http://www.fuzz.ai/
December 2, 2018
RSS feed
Comments
Blog
Posts
Comments
Communities
Wallet
Follow
fuzz-ai
utopian-io
Monday, December 24, 2018 7:36 AM
RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message
Thinking about this a little more, I was worried you might have been right about nested JSON objects, and that deeply-nested JSON objects in the JSON-RPC API could still cause the thread to die because
$ 0.024
1
fuzz-ai
utopian-io
Thursday, December 20, 2018 10:09 PM
RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message
I thought that custom_json ops didn't use the C++ variant type, but just a JSON string. There is a bug in the JSON parser, but not an exploitable one in the way it is used. But I haven't looked at that
$ 0.025
1
1
fuzz-ai
software
Thursday, December 20, 2018 10:06 PM
RE: A Memory Exhaustion Attack Against the Steem Blockchain
I haven't identified other good entry points for fuzzing yet; one of the things I'm building is tooling that will make it easier to do so and construct the harness automatically. There are also fuzzing
$ 0.000
0
fuzz-ai
steem
Tuesday, December 18, 2018 6:27 AM
RE: SOS Daily News : all you need to know about the State of Steem @ 16 December 2018
Pennsif, I wrote up an article on the security vulnerability patched in 0.20.7 and 0.20.8, which answers some of the questions people may have about why a change was needed:
$ 0.000
0
fuzz-ai
witness
Tuesday, December 18, 2018 6:23 AM
RE: Witness Update - v0.20.7 installed and my Witness Votes by @c0ff33a
Thanks for upgrading so promptly. I published my article describing the security vulnerability today:
$ 0.000
0
fuzz-ai
witness-update
Tuesday, December 18, 2018 6:20 AM
RE: [Security Update!] Steem-in-a-box updated for 0.20.7
As promised:
$ 0.000
0
fuzz-ai
witness-update
Monday, December 17, 2018 7:03 AM
RE: [Security Update!] Steem-in-a-box updated for 0.20.7
I'll have an article up about that in a couple days (I was the one who found the bug.)
$ 0.000
0
