[committee] Publicly Accessible Fuzzing Corpus on UCC Repository
Zero Poison
darkb1100 at gmail.com
Sun May 18 23:16:55 AWST 2025
*Dear UCC Maintainers,*
My name is *Muhammad Rebaal*, and I am a *security researcher* currently
reviewing publicly available resources for fuzzing and secure software
development.
While browsing your Mercurial repositories hosted at https://hg.ucc.asn.au/,
I noticed that the repository dropbear-fuzzcorpus contains fuzzing corpora
and dictionaries, including files from oss-fuzz and other internal test
data. This includes:
- Seed corpora
- Dictionaries for postauth_nomaths, kexcurve25519, etc.
- Commit history going back several years, possibly containing fuzzing
  artifacts.
Although I understand that Dropbear and its associated tools are
open-source and this may be intentional, I wanted to bring it to your
attention in case *this data was not meant to be publicly accessible*.
Fuzzing corpora may sometimes expose edge-case test inputs that could be
considered sensitive depending on their origin.
If this exposure was unintentional, you may consider restricting access or
archiving the repository appropriately.
Please feel free to reach out if you'd like me to provide further technical
details or context.
Best regards,
*Muhammad Rebaal*
Security Researcher