Submit finding

All findings

CVE-2024-9143 medium

Google OSS-Fuzz AI finds OpenSSL CVE-2024-9143

Google says its LLM-generated and enhanced OSS-Fuzz targets found 26 new vulnerabilities, highlighted by CVE-2024-9143 in OpenSSL.

Bug class
AI-generated fuzz target vulnerability discovery
Affected codebase
OpenSSL / OSS-Fuzz projects
Credited system
Google OSS-Fuzz AI
Disclosed
November 20, 2024
Attribution
Direct source attribution
Severity
medium
Source status: Google's Open Source Security Team says the 26 vulnerabilities were found with AI-generated and enhanced fuzz targets. OpenSSL assigned CVE-2024-9143 to the highlighted OpenSSL issue.

Summary

Google’s November 2024 OSS-Fuzz update says LLM-generated and enhanced fuzz targets produced 26 new vulnerability reports across projects that were already under heavy fuzzing. The standout public CVE was CVE-2024-9143 in OpenSSL, which Google described as likely present for roughly two decades and not reachable by existing human-written fuzz targets.

Why it matters

This entry predates much of the 2025-2026 agent narrative. It shows that bugflation is not limited to conversational agents reading source code. AI can also expand older automated testing systems by generating new harnesses, triaging crashes, and reaching code paths that conventional fuzzing campaigns missed.

Caveat

The Google post refers to 26 vulnerabilities, but this ledger only counts the OpenSSL CVE explicitly named in the public source. The broader set is recorded as context, not as 26 separate CVE entries.

References

Catalogued in the Bugflation public ledger. Disagree with the attribution or severity label? Email the desk.