Vulnerabilities Found With CI Fuzz and Jazzer
The following list shows a selection of vulnerabilities from customer projects in which open source projects were analyzed with Code Intelligence software.
/250x250/SOURCE_Trophies.png)
12 CVEs Found in Suricata
Suricata is an Open-Source threat detection engine capable of real-time intrusion detection (IDS). Even though Suricata already used fuzzing with AFL extensively, our vulnerability researchers were able to find 12 more critical vulnerabilities. Our findings played a crucial role in making Suricata more secure by preventing data corruption, remote code executions, and many other unwanted program behaviors.
More Vulnerabilities Detected With CI Fuzz
11 Vulnerabilities
German COVID-19 Tracing
The Swiss/German COVID-19 tracing app was downloaded more than 25 Million times. Testing it for security vulnerabilities played an important role in ensuring public trust and increasing compliance. With CI Fuzz, our developers found 2 vulnerabilities in the German version (#163 and #164), and 9 vulnerabilities in the Swiss version of the app.
2 Vulnerabilities
OWASP/JSON Sanitizer
OWASP's JSON Sanitizer transforms JSON-like input into valid and fully embeddable JSON. It is an Open Source sanitizer with over 200 dependencies. With CI Fuzz, our developers found two critical vulnerabilities in this project, that would have exposed it to XML/HTML injections. (CVE-2021-23899 and CVE-2021-23900)
1 Vulnerability
LibHTP
LibHTP is used to securely parse HTTP protocols and the related bits and pieces. Using CI Fuzz, our developers found a critical vulnerability in LibHTP, that remote attackers could have exploited for a buffer over-read (CVE-2018-10243).
1 Vulnerability
audi/a_util
Audi is one of the leading innovators worldwide when it comes to making automotive software more secure. With CI Fuzz, our developers managed to fix an exploitable heap buffer overflow in Audi's software.
8 Vulnerabilities
Zint Barcode Generator
Zint is a barcode generator with an encoding library that includes over 50 different symbologies. With CI Fuzz, our security researchers found 2 critical vulnerabilities (CVE-2020-9385, CVE-2021-27799 & CVE-2021-39247) and 5 more vulnerabilities.
1 Vulnerability
German Aerospace Center
The DLR is the federal german space research center, which focuses its research on energy, space, transport, and security technology. With CI Fuzz, our developers were able to find a heap-buffer overread in one of the DLR's COBS encoders.
1 Vulnerability
CppCMS
CppCMS is a free, Open Source framework for web application development in C++, especially adept at handling extremely high loads. With CI Fuzz, our security researchers managed to find a critical vulnerability (CVE-2018-11367) within the project.
7 Vulnerabilities
GPGME
GnuPG Made Easy or simply GPGME is a library that makes GnuPG access easier for applications. CI Fuzz enabled our developers to find 7 vulnerabilities in GPGME that would have led to severe usability issues.
19 Vulnerabilities
jsoup
Jsoup is an open-source Java library used for extracting data from HTML and manipulating HTML outputs. It can also be used to parse and build XML. With Jazzer, we found over 19 bugs (CVE-2021-37714) in jsoup. Eight of them are potentially critical for the availability of web applications using jsoup.
Fuzz Your Software
Fuzzing is the most effective approach to automatically find and fix bugs and vulnerabilities in your software.
Companies like Google already find 80% of their bugs completely automated.
CI Fuzz Trophies
Swiss COVID-19 Tracing App
German COVID-19 Tracing App
Zint Barcode Generator
Audi AG
German Aerospace Center (DLR)
Suricata 4.1.4
Suricata 4.0.4
LibHTP
json-sanitizer
GENIVI Alliance
GPGme
Apache PDFBox
FasterXML Jackson
Cpp CMS
Ready to Get Started?