tiif / uafbench

Forked from strongcourage/uafbench

UAF Fuzzing Benchmark

We created a fuzzing benchmark of Use-After-Free (UAF) and Double-Free (DF) bugs for our evaluations. It includes recent bugs in real-world programs that were found by existing (directed) greybox fuzzers. For each subject we provide a fuzzing script, Valgrind's stack traces (used as the targets for directed fuzzing) and initial seeds. Please follow each fuzzer's own instructions to install AFL(-QEMU), AFLGo and UAFuzz before running the scripts.

# Environment variables
export AFL=/path/to/afl-2.52b
export AFLGO=/path/to/aflgo
export IDA_PATH=/path/to/ida-6.9/idaq
export GRAPH_EASY_PATH=/path/to/graph-easy
export UAFUZZ_PATH=/path/to/uafuzz

# Avoid hangs when fuzzing: with MALLOC_CHECK_=0 glibc silently ignores heap corruption it detects instead of diagnosing or aborting
export MALLOC_CHECK_=0

# Checkout the benchmark
git clone https://github.com/strongcourage/uafbench.git
cd uafbench; export UAFBENCH_PATH=`pwd`

# Fuzz CVE-2018-20623 with UAFuzz and a timeout of 60 minutes
$UAFBENCH_PATH/CVE-2018-20623.sh uafuzz 60 $UAFBENCH_PATH/valgrind/CVE-2018-20623.valgrind

# Fuzz the patched version of CVE-2018-6952 (the CVE-2019-20633 subject) with a timeout of 360 minutes
$UAFBENCH_PATH/CVE-2019-20633.sh uafuzz 360 $UAFBENCH_PATH/valgrind/CVE-2018-6952.valgrind

You can also fuzz without IDA Pro by passing the argument --no_ida to the Python scripts. In this case the existing IDA files and call graphs in the ida folder are used instead. For example, the last two commands in CVE-2019-20633.sh should then be updated as follows:

$UAFUZZ_PATH/scripts/preprocess.py --no_ida -f $PUT -v $targets -o $FUZZ_DIR
$UAFUZZ_PATH/scripts/run_uafuzz.py --no_ida -f $FUZZ_DIR/$PUT -M fuzz -i $FUZZ_DIR/in -o run -r "$FUZZ_DIR/$PUT -Rf" -I $runmode -T "$FUZZ_DIR/$PUT.tgt" -to $timeout
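The scripts above hand a Valgrind (Memcheck) report to the fuzzer as its target. As an added example, not code from uafbench or UAFuzz, the Python below shows what is in such a report and why it is a useful target: a UAF needs the program to reach the allocation, then the free, then the faulting access, so the three stacks are ordered alloc, free, use. It also refuses to label an invalid read of a still-live block (a heap overflow) as a UAF. The three reports are constructed, poc.c, df.c and ovf.c are hypothetical, and the plain file:line output is an assumed generic target form, not the .tgt file that preprocess.py generates.

```python
import re
from typing import Dict, List, Tuple

# Constructed Memcheck report for a hypothetical use-after-free in poc.c
# (not one of the benchmark's own valgrind/*.valgrind files).
SAMPLE_UAF = """\
==12345== Invalid read of size 4
==12345==    at 0x4005B4: use_it (poc.c:18)
==12345==    by 0x4005F2: main (poc.c:27)
==12345==  Address 0x5204040 is 0 bytes inside a block of size 16 free'd
==12345==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12345==    by 0x40059C: release (poc.c:13)
==12345==    by 0x4005E6: main (poc.c:26)
==12345==  Block was alloc'd at
==12345==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12345==    by 0x40057C: make_it (poc.c:8)
==12345==    by 0x4005DA: main (poc.c:25)
"""

# Constructed double-free report (hypothetical df.c): the "use" is the second free.
SAMPLE_DF = """\
==777== Invalid free() / delete / delete[] / realloc()
==777==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==777==    by 0x4005C1: main (df.c:12)
==777==  Address 0x5204040 is 0 bytes inside a block of size 32 free'd
==777==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==777==    by 0x4005B5: main (df.c:11)
==777==  Block was alloc'd at
==777==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==777==    by 0x4005A4: main (df.c:10)
"""

# Constructed heap overflow (hypothetical ovf.c): an invalid read of a block that
# is still live is not a UAF and must not be labelled as one.
SAMPLE_OOB = """\
==999== Invalid read of size 1
==999==    at 0x4005A0: main (ovf.c:7)
==999==  Address 0x5204048 is 0 bytes after a block of size 8 alloc'd
==999==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==999==    by 0x400590: main (ovf.c:5)
"""

PREFIX_RE = re.compile(r"^==\d+==\s?")                      # "==<pid>== " prefix
FRAME_RE = re.compile(r"^(?:at|by)\s+0x[0-9A-Fa-f]+:\s+(\S+)\s+\((.+)\)$")
SRC_RE = re.compile(r"^([^\s:]+):(\d+)$")                   # "file.c:123"


def parse_memcheck(report: str) -> Tuple[str, Dict[str, List[str]]]:
    """Split one Memcheck error into its alloc / free / use stacks.
    Returns (bug_type, stacks): bug_type is "UAF", "DF" or "OTHER"; stacks maps
    "alloc", "free" and "use" to "func file:line" frames, innermost first.
    Frames without source info (Valgrind's own malloc/free wrappers) are dropped."""
    stacks: Dict[str, List[str]] = {"alloc": [], "free": [], "use": []}
    header = current = None
    for raw in report.splitlines():
        body = PREFIX_RE.sub("", raw).strip()
        if body.startswith("Invalid free()"):
            header, current = "free", "use"       # faulting (second) free
        elif body.startswith(("Invalid read", "Invalid write")):
            header, current = "access", "use"     # faulting memory access
        elif body.startswith("Address ") and "free'd" in body:
            current = "free"                      # stack of the earlier free()
        elif body.startswith("Address ") and "alloc'd" in body:
            current = "alloc"                     # block still live: overflow
        elif body == "Block was alloc'd at":
            current = "alloc"
        else:
            m = FRAME_RE.match(body)
            if m and current:
                func, loc = m.groups()
                src = SRC_RE.match(loc)
                if src:
                    stacks[current].append(f"{func} {src.group(1)}:{src.group(2)}")
    # A UAF/DF needs a freed block behind the faulting access; anything else
    # (overflow, uninitialised read, free of a non-heap pointer) is "OTHER".
    if not stacks["free"] or header is None:
        bug_type = "OTHER"
    else:
        bug_type = "DF" if header == "free" else "UAF"
    return bug_type, stacks


def target_lines(report: str) -> Tuple[str, List[str]]:
    """Order the source locations as the bug must be reached: alloc, then free,
    then use. Plain "file:line" is an assumed generic target format here, not the
    .tgt format produced by UAFuzz's preprocess.py."""
    bug_type, stacks = parse_memcheck(report)
    targets: List[str] = []
    for frame in stacks["alloc"] + stacks["free"] + stacks["use"]:
        loc = frame.split(" ", 1)[1]
        if loc not in targets:
            targets.append(loc)
    return bug_type, targets
```

Running target_lines over a real benchmark trace (for example valgrind/CVE-2018-20623.valgrind) gives the same alloc, free, use ordering; the frames inside Valgrind's own preload library are dropped because they carry no file:line and cannot be targets in the program under test.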
Bugs in the benchmark. In the Command column, @@ is AFL's placeholder for the path of the current test input, and < @@ means the input is fed on stdin.

| Bug ID | Program (commit) | Type | Crash | Command | Files |
| --- | --- | --- | --- | --- | --- |
| CVE-2018-20623 | readelf (923c6a7) | UAF | | readelf -a @@ | PoC, Traces, Fuzzing script |
| giflib-bug-74 | gifsponge (72e31ff) | DF | | gifsponge < @@ | PoC, Traces, Fuzzing script |
| yasm-issue-91 | yasm (6caf151) | UAF | | yasm @@ | PoC, Traces, Fuzzing script |
| CVE-2016-4487 | cxxfilt (2c49145) | UAF | ✔️ | cxxfilt < @@ | PoC, Traces, Fuzzing script |
| CVE-2018-11416 | jpegoptim (d23abf2) | DF | | jpegoptim @@ | PoC, Traces, Fuzzing script |
| mjs-issue-78 | mjs (9eae0e6) | UAF | | mjs -f @@ | PoC, Traces, Fuzzing script |
| mjs-issue-73 | mjs (e4ea33a) | UAF | | mjs -f @@ | PoC, Traces, Fuzzing script |
| CVE-2018-11496 | lrzip (ed51e14) | UAF | | lrzip -t @@ | PoC, Traces, Fuzzing script |
| CVE-2018-10685 | lrzip (9de7ccb) | UAF | | lrzip -t @@ | PoC, Traces, Fuzzing script |
| CVE-2019-6455 | rec2csv (97d20cc) | DF | | rec2csv @@ | PoC, Traces, Fuzzing script |
| CVE-2017-10686 | nasm (7a81ead) | UAF | ✔️ | nasm -f bin @@ -o /dev/null | PoC, Traces, Fuzzing script |
| gifsicle-issue-122 | gifsicle (fad477c) | DF | | gifsicle @@ test.gif -o /dev/null | PoC, Traces, Fuzzing script |
| CVE-2016-3189 | bzip2 (962d606) | UAF | ✔️ | bzip2recover @@ | PoC, Traces, Fuzzing script |

UAF bugs found by UAFuzz

| Bug ID | Program | Type | Command | Relevant bugs |
| --- | --- | --- | --- | --- |
| CVE-2019-20633 | patch | DF | patch -Rf < @@ | CVE-2018-6952 |
| #1269, #1427, #1440 | MP4Box | UAF | MP4Box -info @@ | #1340, #1427 |
| #702253 | mutool | UAF | mutool draw -o /dev/null -R 832 -h 22 @@ | #701294 |
| #4266 | fontforge | UAF | fontforge -lang=ff -c 'Open($1)' @@ | #4084 |
| #134324, #17117 | perl | UAF | perl @@ | #16889, #17051 |
| #25821 | readelf | DF | readelf -a @@ | |
| #25823 | nm-new | UAF | nm-new -C @@ | |
| | boolector | UAF | boolector @@ | #41 |

Contributors: strongcourage