◐ Shell
clean mode source ↗

raminfp - Overview

Hi,

Backend Engineer | Security Researcher | Fuzzing Enthusiast

Iranian software engineer passionate about making open-source software more secure and reliable through fuzzing, vulnerability research, and code contributions.

Good at breaking things to make them stronger, finding crashes, memory bugs, and security flaws in widely-used software, then writing the patches to fix them.

Python, Rust, Go, and Care my daily tools. Come for the bugs, stay for the fixes.

What I work on:

CPython: Active contributor to CPython's security and robustness through fuzzing and bug fixing.

  • Filed 9+ security-critical issues: use-after-free, NULL dereferences, type confusion, race conditions, memory leak, heap overflow and undefined behavior in core modules (_csv, _sqlite3, pyexpat, _json, ssl, datetime, lexer, _hashlib, _struct).
  • Submitted 6+ PRs with corresponding fixes for the bugs I found.
  • Contributions focus on C-level memory safety bugs discovered through targeted fuzzing.

Django: Contributed 6 PRs to the main Django repository.

  • Fixed OverflowError in SQLite queries, session handling bugs, authentication form improvements, and code quality issues.

OpenSSL: Filed 3 issues including memory leaks and NULL pointer dereferences in crypto subsystems.

HarfBuzz: Submitted 3 PRs fixing a memory leak in get_glyph_from_name(), use after free and a missing nullptr check in glyf.

LibVNC: Fixed buffer overflow issues in both libvncserver and x11vnc.

OWASP DevSecOps Guideline: Contributed 4 PRs improving container vulnerability scanning and SAST documentation.

Security bug reports across the ecosystem:

  • libass — Integer overflow leading to OOB write in ass_add_font()
  • ppp-project — Overflow in sockaddr struct
  • fluent-bit — NULL dereference on memory allocation error
  • Flask — Dev server open redirect via double slash
  • jQuery — Location.hash XSS vulnerability
  • Rust langOption::unwrap() panic issue
  • golang/goos/exec path handling issue
  • SQLAlchemy — Thread parallelism connection crash
  • crash-utility, google/syzkaller, google/sanitizers — Various kernel tooling issues and fixes

Principles and goals:

I believe in making the software we all depend on more secure. My approach is simple: fuzz it, break it, fix it, upstream it. Every crash report and patch makes the ecosystem a little safer for everyone. I focus on memory safety bugs because they have the highest real-world impact — use-after-free, NULL dereferences, buffer overflows, and type confusion are the vulnerabilities that attackers exploit.

Open source security is a public good. I contribute because reliable, safe infrastructure benefits everyone.