In recent years, modern fuzzing (feedback-based fuzzing) has uncovered a large number of bugs and vulnerabilities, both in open source and commercial software Among others, over 18,000 bugs in Google Chrome, over 11,000 bugs in the Linux kernel and over 1,800 bugs in Microsoft Office, have been discovered by various fuzzing tools. This blog post lists 5 examples of vulnerabilities that have been found with fuzzing and recognized as CVE (Common Vulnerabilities and Exposures) by the Mitre Corporation.
/Grafiken/Archive%20-%20Outdated%20Graphics/SOURCE_Smart%20Bug%20Detection.webp?width=267&height=267&name=SOURCE_Smart%20Bug%20Detection.webp)
1. Exposure of Sensitive Information in Microsoft Windows
Reference: CVE-2015-0061
Risk: Medium
Fuzzing tool: American Fuzzy Loop (AFL)
The vulnerability was reported by Michal Zalewski, director of Information Security Engineering at Google. Several Windows Servers, as well as Windows 7/8, did not properly initialize memory for TIFF images. This allowed attackers to remotely obtain sensitive information from the process memory.
2. Out-Of-Bounds Read in Intrusion Detection System Suricata
Reference: CVE-2019-16411
Risk: Medium / High
Fuzzing tool: CI Fuzz
This bug was reported by Sirko Höer, IT Security Consultant at Code Intelligence GmbH. During sending multiple IPv4 packets with invalid IPv4Options a function tried to access a memory area that was not allocated. This means that the software tried to read data outside of the intended buffer. In an attack scenario, this can allow attackers to cause a crash or even read sensitive information from other memory locations. In total Sirko Höer found 12 CVEs in Suricata.
3. Exposure to Sensitive Information in OpenSSL
Reference: CVE-2017-3732
Risk: Medium
Fuzzing tool: OSS-Fuzz / libFuzzer
This issue was reported to OpenSSL by the Google OSS-Fuzz team. Carry propagation bugs mean that the developer failed to add every possible carry bit during a large integer addition or multiplication, which turns into an incorrect result. This vulnerability only appears in rare edge cases and therefore remains mostly unnoticed for a long time. A successful attack relying on this propagation bug can allow an attacker to recover encryption keys.
4. Memory Corruption in Adobe Reader
Reference: CVE-2016-6978
Risk: Critical
Fuzzing tool: American Fuzzy Loop (AFL)
The issue was reported by Trend Micro’s zero-day initiative. A memory corruption implicates that the application performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Therefore, the vulnerability allowed attackers to execute arbitrary code or cause a Denial-of-Service (DoS).
5. NULL Pointer Dereference in Barcode Generator ZINT
Reference: CVE-2020-9385
Risk: High
Fuzzing tool: CI Fuzz
The vulnerability was reported by Christian Hartlage, Fuzzing Engineer at Code Intelligence. A NULL Pointer dereference existed in the barcode generator library libzint because multiples “+” characters were mishandled in a function during the generation of EAN barcodes. This could typically cause a crash or an application exit. You can read an extended article about this CVE.
Book a demo with one of our security experts to see CI Fuzz in action! We will walk you through the product and answer your questions.
