Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis 2020
DOI: 10.1145/3395363.3397372

WEIZZ: automatic grey-box fuzzing for structured binary formats

Abstract: Fuzzing technologies have evolved at a fast pace in recent years, revealing bugs in programs with ever increasing depth and speed. Applications working with complex formats are however more difficult to take on, as inputs need to meet certain format-specific characteristics to get through the initial parsing stage and reach deeper behaviors of the program. Unlike prior proposals based on manually written format specifications, we propose a technique to automatically generate and mutate inputs for unknown chunk-…

Cited by 48 publications (29 citation statements); references 22 publications.

Citation statements:
“…Beside the memory corruptions we found in the state log experiment in Section V-D and the novel crashes found in the CGC dataset, we also performed experiments on other software to further demonstrate that IJON is useful for finding security bugs. In particular, we picked dmg2img, a tool that was very recently fuzzed by the authors of WEIZZ [18]. We applied patches for the vulnerabilities found, and continued fuzzing using IJON.…”
Section: G. Real-world Software
confidence: 99%
“…With it, variants of specific targets can also be written by experienced security testers. Fioraldi et al. [30] proposed a new technique that can generate and mutate inputs automatically for the binary format of unknown basic blocks. This technique enables the input to meet the characteristics of certain formats during the initial analysis phase and enables deeper path access.…”
Section: Related Work
confidence: 99%
“…WEIZZ [34] explores instead a different approach that flips one bit at a time on the entire input, checking after each bit flip which comparison operands have changed during the program execution, possibly suggesting a dependency between the altered bit and the affected branch conditions. While more accurate than colorization, this approach may incur a large overhead, especially in presence of large inputs.…”
Section: Coverage-based Grey-box Fuzzing (CGF)
confidence: 99%
“…5 a 0 d b a, objdump 2.34, optipng 0.7.6, readelf 2.34, tcpdump 4.9.3 (libpcap 1.9.1), and tiff2pdf 4.1.0. These targets have been heavily fuzzed by the community [27], and used in previous evaluations of state-of-the-art fuzzers [4], [5], [10], [33], [34]. As seeds, we use the AFL test cases [1], or when missing, minimal syntactically valid files [40].…”
Section: Evaluation
confidence: 99%