Report derived reports back to oss-fuzz #6782
Comments
|
Do you know who is generating entries such as https://nvd.nist.gov/vuln/detail/CVE-2021-38593 ? (It's not us :) ) Re your feature request, are you asking for a comment such as: "This bug report was assigned as OSV-2021-XXXX" on the relevant monorail oss-fuzz issues? |
|
Err... no, I don't know who's generating such issues. I was hoping it was you. :-) Yes, that's what I'm looking for. Just some comment telling me that there's a CVE for it and its number. |
|
...and something similar for the OSV issue, please. |
|
I filed google/osv.dev#258 to track the OSV ID comment. Would have to think more about the CVE ID, since we're not the ones generating them. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sometimes the findings from oss-fuzz are being passed on into further systems, e.g. there is
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566
which turned into
https://osv.dev/vulnerability/OSV-2021-903
and then into
https://nvd.nist.gov/vuln/detail/CVE-2021-38593
I appreciate that this happens, but currently it's easy to miss the new reports because they are only linked in one direction: CVE -> OSV -> oss-fuzz. It would help me to keep an overview if such derived reports could be added in a comment to the initial report from oss-fuzz.
The text was updated successfully, but these errors were encountered: