The Suricata War Story
Download our war story on how we found vulnerabilities in a major open-source project using libFuzzer.
In this article, we will show you how we found vulnerabilities in a large open-source project with libFuzzer.
The project is Suricata, an Intrusion Detection System and Intrusion Prevention System (IDS/IPS). Although the project already uses fuzzing with AFL extensively, we found 14 more bugs in the program code with libFuzzer, 12 of which are critical vulnerabilities (CVEs).
libFuzzer is a powerful tool, but it comes with a certain complexity. If you are looking for a more user-friendly approach, you can read more about CI Fuzz. Download our whitepaper to learn more.
Fuzzing is becoming more and more popular. If you are wondering why and are looking for more information, read our blog article.
Download the technical product information sheet. Learn about the underlying technologies and discover product use cases.
In this recorded coding session, we show you how we found a CVE in the open-source barcode generator ZINT with feedback-based fuzzing.