Date
1 - 1 of 1
containerd fuzzing audit
Adam Korczynski <Adam@...>
Hello all,
containerd recently completed their fuzzing audit which resulted in a comprehensive fuzzing suite running continuously by way of OSS-Fuzz and in the CI covering multiple critical parts of the code base. The fuzzers found 4 issues, including a memory-exhaustion
vulnerability of moderate severity.
You can read more about the audit in this blog post: https://www.cncf.io/blog/2023/03/02/containerd-completes-fuzzing-audit/
Many other projects have completed fuzzing audits, including Vitess, Argo, Kubernetes, Cluster-API, Cilium. You can read more about fuzzing the CNCF landscape here: https://www.cncf.io/blog/2022/06/28/improving-security-by-fuzzing-the-cncf-landscape/.
If you wish to have a fuzzing audit carried out for your CNCF-hosted project, please reach out to the CNCF.
Kind regards,
Adam Korczynski
Security Engineer, Ada Logics
Registered office: 266 Banbury Road, Post Box 292,
OX2 7DL, Oxford, Oxfordshire , United Kingdom