In this article, we will show you how we found vulnerabilities in a large open-source project with libFuzzer.

We are talking about suricata, an Intrusion Detection System and Intrusion Prevention System (IDS/IPS). Although the project already uses fuzzing with AFL extensively, we found 14 more bugs in the program code with libFuzzer, 12 of them being critical vulnerabilities (CVEs).

libFuzzer is a powerful tool, but it has a certain complexity. If you are looking for a more user-friendly way, you can read more about CI Fuzz. Download our Whitepaper to learn more.

Magic Behind Fuzzing

Magic behind Fuzzing

Fuzzing is gathering more and more popularity. If you are wondering why and looking for more information, read our blog article.

Technical overview

Technical overview

Download the technical product information sheet. Learn about the underlying technologies and discover product use cases.


CVE Hunting

In this recorded coding session we will show you how we have found a CVE in the open-source barcode generator ZINT with feedback-based fuzzing.