CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

Researchers from VDA Labs used ForAllSecure Mayhem to discover a stack overflow (CVE-2020-15359) in a popular open source sound utility, MP3Gain. MP3Gain analyzes and adjusts MP3 files so that they have the ...

CVE-2020-10029: Buffer overflow in GNU libc trigonometry functions?!?

Remember trigonometry, where you were given the length of two sides of a triangle and had to compute the third side? We remembered vaguely SOH CAH TOA, but not much more. One ...

The Fuzzing Files: The Anatomy of a Heartbleed

In late March 2014, two teams of security researchers independently started fuzz testing OpenSSL, an open source utility that encrypts traffic from a web browser to a server and forms the basis ...

Uncovering Memory Defects in cereal (CVE-2020-11104 & CVE-2020-11105)

Deserialization of untrusted input is a common attack vector, making both the MITRE top-25 most dangerous software errors. Even without an attacker, mistakes in serialization or deserialization decrease the reliability of ...

Uncovering OpenWRT remote code execution (CVE-2020-7982)

For ForAllSecure, I’ve been focusing on finding bugs in OpenWRT using their Mayhem software. My research on OpenWRT has been a combination of writing custom harnesses, running binaries of the box ...

Uncovering Vulnerabilities in Open Source Libraries

In recent articles, ForAllSecure has discussed how we were able to use our next-generation fuzzing solution, Mayhem, to discover previously unknown vulnerabilities in several open source projects, including Netflix DIAL reference, ...

Uncovering vulnerabilities in Cryptographic libraries: Mayhem, Matrixssl, and WolfSSL

As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries ...

ForAllSecure Uncovers Critical Vulnerabilities in Das U-Boot

This summer, I utilized ForAllSecure Mayhem, a next-generation fuzz testing solution, to analyze software that is heavily used. I felt these types of components in particular deserve more scrutiny from a ...

Analyzing Matio and stb_vorbis Libraries with Mayhem

At ForAllSecure, our mission is to help developers find critical bugs in their software quicker, easier, and faster than standard development practices and tools. To facilitate this mission, we have looked to ...