From: James Watt
Date: Mon, 6 Jan 2025 18:48:14 +0800
Subject: Re: Security Vulnerability - Action Required: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability may in your project
To: freebsd-security@freebsd.org
List-Archive: https://lists.freebsd.org/archives/freebsd-security

Hi Henrich,

Thank you for your reply about this issue, which has been detected by our tools. Now I want to know your thoughts about our tool. When you have a chance, could you please take a look at our tool? Specifically, we're interested in understanding:

1. Do you feel the detection results from our tool help enhance the security of your project?
2. Would you be willing to let us regularly scan your project in the future to identify potential vulnerabilities?
3. Our tool works by collecting patches from existing publicly disclosed vulnerabilities in real-time and scanning target projects for the presence of identical code or similar logic. Do you have any suggestions for improving this vulnerability detection approach?

Please feel free to tell me your thoughts; it's really important for us to improve our tool. Thank you!