Commentsfuzz-ai (52)in utopian-io • 6 years agosteemCreated with Sketch.RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_messageThinking about this a little more, I was worried you might have been right about nested JSON objects, and that deeply-nested JSON objects in the JSON-RPC API could still cause the thread to die…fuzz-ai (52)in utopian-io • 6 years agoRE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_messageI thought that custom_json ops didn't use the C++ variant type, but just a JSON string. There is a bug in the JSON parser, but not an exploitable one in the way it is used. But I haven't looked at…fuzz-ai (52)in software • 6 years agoRE: A Memory Exhaustion Attack Against the Steem BlockchainI haven't identified other good entry points for fuzzing yet; one of the things I'm building is tooling that will make it easier to do so and construct the harness automatically. There are also…fuzz-ai (52)in steem • 6 years agosteemCreated with Sketch.RE: SOS Daily News : all you need to know about the State of Steem @ 16 December 2018Pennsif, I wrote up an article on the security vulnerability patched in 0.20.7 and 0.20.8, which answers some of the questions people may have about why a change was needed:fuzz-ai (52)in witness • 6 years agosteemCreated with Sketch.RE: Witness Update - v0.20.7 installed and my Witness Votes by @c0ff33aThanks for upgrading so promptly. I published my article describing the security vulnerability today:fuzz-ai (52)in witness-update • 6 years agosteemCreated with Sketch.RE: [Security Update!] Steem-in-a-box updated for 0.20.7As promised:fuzz-ai (52)in witness-update • 6 years agosteemCreated with Sketch.RE: [Security Update!] Steem-in-a-box updated for 0.20.7I'll have an article up about that in a couple days (I was the one who found the bug.)
Comments
RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
RE: Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
RE: A Memory Exhaustion Attack Against the Steem Blockchain
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
RE: SOS Daily News : all you need to know about the State of Steem @ 16 December 2018
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
RE: Witness Update - v0.20.7 installed and my Witness Votes by @c0ff33a
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
RE: [Security Update!] Steem-in-a-box updated for 0.20.7
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
RE: [Security Update!] Steem-in-a-box updated for 0.20.7
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit