Giters

ITh4cker / uafbench

UAF Fuzzing Benchmark

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

UAF Fuzzing Benchmark

We create a fuzzing benchmark of Use-After-Free (UAF) and Double-Free (DF) bugs for our evaluations. It includes recent bugs found by existing (directed) greybox fuzzers of real-world programs. We provide scripts, Valgrind's stack traces as targets and initial seeds of each subject. Please follow the instructions to install fuzzers like AFL(-QEMU), AFLGo and UAFuzz.

# Environment variables
export AFL=/path/to/afl-2.52b
export AFLGO=/path/to/aflgo
export IDA_PATH=/path/to/ida-6.9/idaq
export GRAPH_EASY_PATH=/path/to/graph-easy
export UAFUZZ_PATH=/path/to/uafuzz

# Avoid hang when fuzzing
export MALLOC_CHECK_=0

# Checkout the benchmark
git clone https://github.com/strongcourage/uafbench.git
cd uafbench; export UAFBENCH_PATH=`pwd`

# Fuzz CVE-20018-20623 with UAFuzz and timeout 60 minutes
$UAFBENCH_PATH/CVE-2018-20623.sh uafuzz 60 $UAFBENCH_PATH/valgrind/CVE-2018-20623.valgrind

# Fuzz patched version of CVE-2018-6952
$UAFBENCH_PATH/CVE-2019-20633.sh uafuzz 360 $UAFBENCH_PATH/valgrind/CVE-2018-6952.valgrind
Bug ID Program Type Crash Command Files
CVE-2018-20623 readelf (923c6a7) UAF readelf -a @@ PoC, Traces, Fuzzing script
giflib-bug-74 gifsponge (72e31ff) DF gifsponge < @@ PoC, Traces, Fuzzing script
yasm-issue-91 yasm (6caf151) UAF yasm @@ PoC, Traces, Fuzzing script
CVE-2016-4487 cxxfilt (2c49145) UAF ✔️ cxxfilt < @@ PoC, Traces, Fuzzing script
CVE-2018-11416 jpegoptim (d23abf2) DF jpegoptim @@ PoC, Traces, Fuzzing script
mjs-issue-78 mjs (9eae0e6) UAF mjs -f @@ PoC, Traces, Fuzzing script
mjs-issue-73 mjs (e4ea33a) UAF mjs -f @@ PoC, Traces, Fuzzing script
CVE-2018-11496 lzrip (ed51e14) UAF lrzip -t @@ PoC, Traces, Fuzzing script
CVE-2018-10685 lzrip (9de7ccb) UAF lrzip -t @@ PoC, Traces, Fuzzing script
CVE-2019-6455 rec2csv (97d20cc) DF rec2csv @@ PoC, Traces, Fuzzing script
CVE-2017-10686 nasm (7a81ead) UAF ✔️ nasm -f bin @@ -o /dev/null PoC, Traces, Fuzzing script
gifsicle-issue-122 gifsicle (fad477c) DF gifsicle @@ test.gif -o /dev/null PoC, Traces, Fuzzing script
CVE-2016-3189 bzip2 (962d606) UAF ✔️ bzip2recover @@ PoC, Traces, Fuzzing script

UAF bugs found by UAFuzz

Bug ID Program Type Command Relevant bugs
CVE-2019-20633 patch DF patch -Rf < @@ CVE-2018-6952
#1269, #1427, #1440 MP4Box UAF MP4Box -info @@ #1340, #1427
#702253 mutool UAF mutool draw -o /dev/null -R 832 -h 22 @@ #701294
#4266 fontforge UAF fontforge -lang=ff -c 'Open($1)' @@ #4084
#134324, #17117 perl UAF perl @@ #16889, #17051
#25821 readelf DF readelf -a @@
#25823 nm-new UAF nm-new -C @@
boolector UAF boolector @@ #41

About

UAF Fuzzing Benchmark

Languages

Language:C 62.7%Language:Assembly 19.5%Language:C++ 4.8%Language:Objective-C 3.2%Language:Makefile 2.8%Language:Scheme 1.3%Language:M4 1.0%Language:Shell 0.9%Language:Roff 0.8%Language:Yacc 0.5%Language:Python 0.4%Language:TeX 0.4%Language:Scala 0.3%Language:R 0.3%Language:Ada 0.2%Language:Perl 0.2%Language:Lex 0.1%Language:Logos 0.1%Language:HTML 0.0%Language:Pascal 0.0%Language:Emacs Lisp 0.0%Language:Raku 0.0%Language:GDB 0.0%Language:DIGITAL Command Language 0.0%Language:C# 0.0%Language:GAP 0.0%Language:Common Lisp 0.0%Language:GDScript 0.0%Language:Fortran 0.0%Language:CWeb 0.0%Language:CMake 0.0%Language:JavaScript 0.0%Language:PicoLisp 0.0%Language:sed 0.0%Language:Batchfile 0.0%Language:NSIS 0.0%Language:XSLT 0.0%Language:MATLAB 0.0%Language:Awk 0.0%Language:Rust 0.0%Language:AGS Script 0.0%Language:Slash 0.0%Language:Rebol 0.0%Language:E 0.0%Language:SuperCollider 0.0%Language:Go 0.0%Language:CLIPS 0.0%Language:Terra 0.0%Language:CSS 0.0%Language:SAS 0.0%Language:Java 0.0%Language:Module Management System 0.0%Language:NASL 0.0%Language:Mathematica 0.0%Language:RenderScript 0.0%Language:Tcl 0.0%Language:Elixir 0.0%