Hacker News new | ask | show | jobs
by achernya 1298 days ago
The only mosh CVE [1] was in the terminal emulator (a DoS that could only be triggered by a local user), not in the protocol. There have been no vulnerabilities in mosh's UDP protocol.

[1] https://nvd.nist.gov/vuln/detail/CVE-2012-2385
1 comments
nibbleshifter 1298 days ago
yet.

I wonder if anyone's thrown a fuzzer at it.

link
achernya 1298 days ago
Yes, mosh has fuzz tests in oss-fuzz [1].

[1] https://github.com/google/oss-fuzz/tree/master/projects/mosh

link