Hacker News new | ask | show | jobs
by oxxoxoxooo 950 days ago
> Implementations of big number math can and does contain bugs. (I used to hunt for those via fuzzing, which turned up an amazing number of them.)

I'm curious, can you give some examples what kind of bugs did you discover?
1 comments
hannob 950 days ago
CVE-2015-3193 in OpenSSL, CVE-2016-1938 in NSS. There were more, it's been a while.

Ultimately: things like a^b or a/b would return wrong results for certain inputs.

link
oxxoxoxooo 950 days ago
Thanks!
link