|Software: Suricata, v. 4.1.4|
|Risk: medium / high|
|Type: heap buffer overflow (logics bug)|
Description: This bug was found by libFuzzer By sending multiple IPv4 packets which are fragmented, the function "Defrag4Reassemble(..)" tries to access to a memory region that is not allocated. The function "Defrag4Reassemble(..)" doesn't have header_len check.
The History Behind CVEs:
The CVE (Common Vulnerabilities and Exposures) categorization was developed by the MITRE corporation in 1999. The goal of this framework was to enable companies to benefit from a single classification system. Before CVE, security tool vendors used to each offer their own unique classification system, tailored to their product. This lone-warrior approach led to a lack of interoperability and made it difficult for firms to implement security products from different suppliers. As a new industry norm, MITRE's CVE system, can be seen as a modern security benchmark, since it enables interconnectivity between a variety of software security products and services.
Why You Should Fuzz Your Software
In modern fuzzing, feedback about previous inputs is used to generate new inputs that penetrate further into a project, and thus increases the code coverage. CI Fuzz is automates this process, which enables it to detect vulnerabilities and system defects that go under the radar of traditional testing methods such as f. e static application security testing (SAST). Its high degree of automation enables developers to deploy CI Fuzz themselves, which means that valuable time can be freed to focus on other matters. Developers are the most familiar with their code. Enabling them to conduct security tests themselves, will not only save resources, it will also allow them test more efficiently, as they usually know where to look for bugs.
If you want to learn more about CI Fuzz, feel free to get in touch.