Skip to content

Vulnerabilities Found With
CI Fuzz and Jazzer

A selection of open-source vulnerabilities we discovered in customer projects.

CVEs Found in Suricata

12 CVEs Found in Suricata

Suricata is an  Open-Source threat detection engine capable of real-time intrusion detection (IDS). Even though Suricata already used fuzzing with AFL extensively, our vulnerability researchers were able to find 12 more critical vulnerabilities. Our findings played a crucial role in making Suricata more secure by preventing data corruption, remote code executions, and many other unwanted program behaviors.

Meet our Researchers

 

Khaled Yakdan_©Sandra Then Norbert-Schneider Fabian Meumertzheim
Khaled Yakdan
Co-founder & Chief Scientist

 
Norbert Schneider
Open-Source Security Engineer

 
Fabian Meumertzheim
Open-Source Security Engineer

 

More Vulnerabilities Detected by Our Engineers

CWA
11 Vulnerabilities

German COVID-19 Tracing

The Swiss/German COVID-19 tracing app was downloaded more than 25 Million times. Testing it for security vulnerabilities played an important role in ensuring public trust and increasing compliance. With CI Fuzz, our developers found 2  vulnerabilities in the German version (#163 and #164), and 9 vulnerabilities in the Swiss version of the app.

OWASP
2 Vulnerabilities

OWASP/JSON Sanitizer

OWASP's JSON Sanitizer transforms JSON-like input into valid and fully embeddable JSON. It is an Open Source sanitizer with over 200 dependencies. With CI Fuzz, our developers found two critical vulnerabilities in this project, that would have exposed it to XML/HTML injections. (CVE-2021-23899 and CVE-2021-23900).

OSIF
1 Vulnerability

LibHTP

LibHTP is used to securely parse HTTP protocols and the related bits and pieces. Using CI Fuzz, our developers found a critical vulnerability in LibHTP, that remote attackers could have exploited for a buffer over-read (CVE-2018-10243).



Audi
1 Vulnerability

audi/a_util

Audi is one of the leading innovators worldwide when it comes to making automotive software more secure. With CI Fuzz, our developers managed to fix an exploitable heap buffer overflow in Audi's software.


ZINT
8 Vulnerabilities

Zint Barcode Generator

Zint is a barcode generator with an encoding library that includes over 50 different symbologies. With CI Fuzz, our security researchers found 2 critical vulnerabilities (CVE-2020-9385, CVE-2021-27799 & CVE-2021-39247) and 5 more vulnerabilities. 

DLR
1 Vulnerability

DLR COBS Encoder

The DLR is the federal german space research center, which focuses its research on energy, space, transport, and security technology. With CI Fuzz, our developers were able to find a heap-buffer overread in one of the DLR's COBS encoder.


CppCMS
1 Vulnerability

CppCMS

CppCMS is a free, Open Source framework for web application development in C++, especially adept at handling extremely high loads. With CI Fuzz, our security researchers managed to find a critical vulnerability (CVE-2018-11367) within the project.


GNUPG
7 Vulnerabilities

GPGME

GnuPG Made Easy or simply GPGME is a library that makes GnuPG access easier for applications. CI Fuzz enabled our developers to find 7 vulnerabilities in GPGME that would have led to severe usability issues.



Jsoup
19 Vulnerabilities

jsoup

Jsoup is an open-source Java library used for extracting data from HTML and manipulating HTML outputs.  It can also be used to parse and build XML. With Jazzer, we found over 19 bugs (CVE-2021-37714) in jsoup. Eight of them are potentially critical for the availability of web applications using jsoup.

Genevi
1 Vulnerability

GENIVI DLT

GENIVI DLT provides a log and trace interface, based on the standardised protocol specified in the AUTOSAR standard 4.0 DLT. Here we found heap-based buffer overflow (CVE-2020-36244) that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon.

Apache
2 Vulnerabilites

Apache PDFBox

The Apache PDFBox library is an open-source Java tool for working with PDF documents. It allows the creation of new PDF documents, manipulation of existing documents, and the ability to extract content from documents. Our fuzzers were able to find an Infinite Loop (CVE-2021-27807) and an OutOfMemory-Exception (CVE-2021-27906).

FastJson
1 Vulnerability

alibaba/fastjson

Fastjson is a Java library that can be used to convert Java Objects into their JSON representation. It can also be used to convert a JSON string to an equivalent Java object. Our tests showed that this application was throwing a number of undeclared exemptions.


Apache
6 Vulnerabilities

Apache Commons Compress

Apache Commons Compress software defines an API for working with compression and archive formats. We extensively tested this application and responsible disclosed four CVEs (CVE-2021-35516, CVE-2021-35515, CVE-2021-35517, CVE-2021-36090) and two more vulnerabilities

JSON
4 Vulnerability

Netplex/Json-Smart

Json-smart is a performance focused, JSON processor lib. The application (json-smart-v1, json-smart-v2) threw uncaught exceptions. When uncaught, they may have caused programs using the library to crash or expose sensitive information. (CVE-2021-27568)

OpenJDK
2 Vulnerabilites

OpenJDK

In OpenJDK, we found two vulnerabilities (CVE-2022-21360, CVE-2022-21366) that load and run untrusted code. These vulnerabilities could have been exploited by using APIs in the specified Component, e.g., through a web service that supplied data to the APIs.

protobuff
1 Vulnerability

protobuffers/protobuff

Protocol Buffers are Google's language-neutral and platform-neutral, extensible mechanism for serializing structured data. An issue in protobuf allowed malicious payload to occupy the parser for several minutes, causing frequent, repeated pauses (CVE-2021-22569).

FasterXMLJackson
2 Vulnerabilities

Faster XML/Jackson

Faster XML Jackson is a high-performance JSON processor for Java. Its developers extol the combination of fast, correct, lightweight, and ergonomic attributes of the library in which we found 2 undeclared exceptions.

NGA
1 Vulnerability

Tiff-Java

The library can currently decode greyscale and RGB images (8, 16 or 32 bits). It supports LZW compression and images with an additional alpha channel. Due to our fuzzers the maintainers were able to fix an Index Out Of Bound Error, in version 2.0.3.

Google
1 Vulnerability

Google/re2j

RE2 is a regular expression engine that runs in time linear in the size of the input. RE2/J is a port of RE2 to pure Java, where users were able to find and fix a Nullpointer Exeption due to our Java Fuzzer.

Google
1 Vulnerability

Google/gson

Gson is a Java library that can be used to convert Java Objects into their JSON representation. It can also be used to convert a JSON string to an equivalent Java object, where Jazzer found an ArrayIndeyOutOfBounds.

Fuzz Your Software With Code Intelligence

Fuzzing is the most effective approach to automatically find and fix bugs and vulnerabilities in your software.
Companies like Google already find 80% of their bugs completely automated.