Henning Perl 3 min read

What Bugs Can You Find With Fuzzing?

Modern fuzz testing is one of the most effective methods for finding bugs and vulnerabilities in software. It is effective because it executes the application with automatically generated inputs in order to provoke unexpected or erroneous behavior. Modern fuzzing engines also use feedback from previous runs to generate new, more targeted inputs. They are optimized to increase code coverage and to detect many different bug classes.

Since 2018, Code Intelligence has provided a platform for automated fuzz testing. Working closely with industry and academia, the engineers at Code Intelligence have extended the reach of modern fuzz testing to a variety of use cases. This article gives an overview of some of the bug classes the CI team has found over the past years.*

* Please note that for confidentiality reasons, not all findings are included in this blog. If you are interested in a specific bug class, please contact our experts.

[Figure: List of bugs and CWEs that CI Fuzz found in C/C++ software]

What Bugs Can You Find With Fuzzing in C/C++?

Memory Buffer Errors

  • Buffer Overflow
  • Incorrect Calculation of Buffer Size
  • Free of Memory not on the Heap
  • Integer Overflow to Buffer Overflow
  • Access of Memory Location Before Start of Buffer
  • Improper Access Control Applied to Mirrored or Aliased Memory Regions
  • Improper Handling of Overlap Between Protected Memory Ranges
  • Double-Free
  • Out-of-bounds Read
  • Out-of-bounds Write
  • Dangling pointer

Data Validation Issues

  • Out-of-bounds array index
  • Object Type Confusion
  • Improper Input Validation

Pointer Issues

  • Return of Pointer Value Outside of Expected Range
  • NULL Pointer Dereference
  • Assignment of a Fixed Address to a Pointer
  • Attempt to Access Child of a Non-structure Pointer
  • Untrusted pointer offset

Numeric Errors

  • Integer Overflow or Wraparound
  • Off-by-five
  • Numeric Range Comparison Without Minimum Check

Concurrency Issues

  • Signal Handler Race Condition
  • Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) 
  • Race Condition within a Thread
  • Time Of Check To Time Of Use
  • Race Condition During Access to Alternate Channel
  • Context Switching Race Condition 
  • Race Condition for Write-Once Attributes
  • Improper Synchronization 

Bad Coding Practices

  • Return of Stack Variable Address
  • Reliance on Machine-Dependent Data Representation
  • Use of Platform-Dependent Third-Party Components


Info Box: Fuzzing With Sanitizers

Some bugs cannot be detected by fuzzing alone. To trigger these more complex vulnerabilities, you have to add sanitizers: for example, ThreadSanitizer for race conditions or AddressSanitizer for memory buffer errors. Sanitizers are compiler instrumentation plus a runtime library that you build into your program, so that errors which would otherwise pass silently (an out-of-bounds read, a data race) abort the run and are reported as crashes. The CI Fuzz testing platform can help you set up and configure these sanitizers in order to improve your code coverage.
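As an added example that is not code from the original post or from Code Intelligence's platform, the harness below shows the mechanism the introduction and the info box describe: a libFuzzer-style entry point that the engine drives with coverage feedback, a small length-prefixed record parser with the kind of out-of-bounds read that only becomes a visible crash once AddressSanitizer is compiled in, and the bounds-checked version beside it. The record format, the function names and the build line are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define PARSE_ERR (-1)

/*
 * Assumed build line (clang with libFuzzer and AddressSanitizer):
 *   clang -g -O1 -fsanitize=fuzzer,address parse_fuzz.c -o parse_fuzz
 *
 * Constructed record format: [len: 1 byte][payload: len bytes].
 * Both parsers add up the payload bytes, store the total in *sum and
 * return the number of payload bytes consumed (or PARSE_ERR).
 */

/* Unchecked version: trusts the length byte and reads `len` bytes no
 * matter how much input was actually supplied. A fuzzer quickly produces
 * a short input such as {0xff} with nothing behind it; this loop then
 * reads past the end of `data`. Without a sanitizer that overread is
 * usually silent. libFuzzer hands the input over in a heap buffer of
 * exactly `size` bytes, so with -fsanitize=address the first byte past
 * the end is reported as a heap-buffer-overflow with a stack trace into
 * this function. */
int parse_record_unchecked(const uint8_t *data, size_t size, uint32_t *sum) {
    if (size < 1) return PARSE_ERR;
    size_t len = data[0];
    uint32_t acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc += data[1 + i];            /* BUG: never checks 1 + len <= size */
    }
    *sum = acc;
    return (int)len;
}

/* Checked version: the same parser with the bounds check that the
 * sanitizer report points at. Truncated input is rejected instead of
 * being read past the end of the buffer. */
int parse_record(const uint8_t *data, size_t size, uint32_t *sum) {
    if (size < 1) return PARSE_ERR;
    size_t len = data[0];
    if (len > size - 1) return PARSE_ERR;  /* payload must fit in the input */
    uint32_t acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc += data[1 + i];
    }
    *sum = acc;
    return (int)len;
}

/* libFuzzer entry point. The engine calls this with mutated inputs and
 * keeps those that reach new code (coverage feedback). Any memory error
 * inside is turned into a crash by AddressSanitizer. Pointing this at
 * parse_record_unchecked instead reproduces the finding. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    uint32_t sum = 0;
    (void)parse_record(data, size, &sum);
    return 0;   /* libFuzzer reserves non-zero return values */
}

/* Small constructed inputs so the checked parser can be exercised
 * without a fuzzing engine. */

/* Well-formed record: len = 3, payload 1 + 2 + 3. Returns the sum, or -1. */
int demo_valid_record(void) {
    static const uint8_t rec[] = {3, 1, 2, 3};
    uint32_t sum = 0;
    return parse_record(rec, sizeof rec, &sum) == 3 ? (int)sum : -1;
}

/* Truncated record: claims 5 payload bytes but only 2 follow. Returns the
 * parser status, which must be PARSE_ERR rather than an overread. */
int demo_truncated_record(void) {
    static const uint8_t rec[] = {5, 1, 2};
    uint32_t sum = 0;
    return parse_record(rec, sizeof rec, &sum);
}
```

Built with the line in the header comment and run as `./parse_fuzz`, the binary fuzzes the checked parser indefinitely; swapping in `parse_record_unchecked` ends the run within seconds with an AddressSanitizer report and a reproducer file. AddressSanitizer and ThreadSanitizer cannot be combined in one build, so hunting the race-condition classes listed above is a separate run with `-fsanitize=fuzzer,thread`.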


What Bugs Can You Find With Fuzzing in Java?

Fuzz testing is also an effective approach for finding security vulnerabilities in memory-safe languages. With our fuzzing engine for Java, we regularly uncover all kinds of bugs in JVM-based customer projects. Here is a list of some typical bugs we find during security testing for Java applications:

Data Validation Errors

  • Injection 
  • Exposure of Sensitive Information to an Unauthorized Actor 
  • XML External Entities (XXE) 
  • Sensitive Data Exposure
  • Generation of Error Message Containing Sensitive Information 
  • Cross-Site Scripting XSS 

Logic Issues

  • Logic issue: bypass security features 

Audit/Logging Errors

  • Logging of Excessive Data 
  • Insufficient Logging
  • Insufficient Logging & Monitoring
  • Broken Authentication
  • Broken Access Control

Cookie Issues

  • Sensitive Cookie with Improper SameSite Attribute 
  • Sensitive Cookie Without 'HttpOnly' Flag 
  • Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Other Issues

  • Denial of Service (DoS) 
  • Infinite Loop
  • Security Misconfiguration 
  • Insecure Deserialization 
  • Using Components with Known Vulnerabilities 
  • Uncaught Exceptions

Download CI Fuzz Bug Report

Although our fuzzing engine already uncovers a large variety of bug classes, we are constantly improving and fine-tuning our platform to make security testing more usable and accessible for everyone. For an in-depth look at the technology that Code Intelligence offers, you can check out our product tour or download one of our sample bug reports.


CI Fuzz bug report [PDF]