"Codenomicon Labs' core focus is to empower the decision makers to provide better quality software and better quality products"

Codenomicon Labs


Note that some of these vulnerabilities have been found by our customers individually using our Defensics fuzzing tools and security testing services. Please let us know if you know of other public vulnerability advisories regarding bugs fixed using Codenomicon solutions.


Crash with SRP Ciphersuite in Server Hello Message

PolarSSL Denial of Service against GCM enabled servers

Vulnerabilities fixed in the OpenSSL library

GnuTLS Hello Vulnerability

Vulnerability in BIND


SCTP Linux Kernel Panic

Heimdal in Apple OS X allows remote DoS

Apple TLS Bug


Vulnerability in Oracle

Apple remote DoS (CVE-2013-5140)


Two vulnerabilities in the ISC DHCP server implementation

RSA signature verification vulnerability in strongSwan

Invalid TLS/DTLS record vulnerability in OpenSSL

Large Host: header can crash the Apache Traffic Server

Two vulnerabilities in ImageMagick - Invalid Validation and Denial of Service


Vulnerability in open source Bluetooth bluez-hcidump

Five vulnerabilities in the BGP and OSPF daemons of Quagga


Two vulnerabilities in the BGP daemon of Quagga

SMB Stack Exhaustion Vulnerability

Two vulnerabilities in OpenLDAP

Linux SCTP INIT message handling

Lexmark vulnerabilities in HTTP and SSL

Microsoft SMB implementations

Linux Kernel (with CERT-FI):


XML (several open source libraries, with CERT-FI):

Squid (with CERT-FI):

Squid (with CERT-FI):


OpenSSL (with CERT-FI):

GnuTLS (with CERT-FI):

NetBSD (with CERT-FI):

SMB libraries:


OpenGGSN (by VTT):


Image libraries (with NISCC):


OpenSSL (with NISCC and RedHat):

Apache (with NISCC and RedHat):