A Fuzzer for Detecting Use-After-Free Vulnerabilities
Xiaoqi Zhao,
Haipeng Qu,
Jiaohong Yi,
Jinlong Wang,
Miaoqing Tian and
Feng Zhao
Additional contact information
Xiaoqi Zhao: School of Information and Control Engineering, Qingdao University of Technology, Qingdao 266520, China
Haipeng Qu: School of Computer Science and Technology, Ocean University of China, Qingdao 266100, China
Jiaohong Yi: School of Information and Control Engineering, Qingdao University of Technology, Qingdao 266520, China
Jinlong Wang: School of Information and Control Engineering, Qingdao University of Technology, Qingdao 266520, China
Miaoqing Tian: School of Information and Control Engineering, Qingdao University of Technology, Qingdao 266520, China
Feng Zhao: Shandong Zhuowen Information Technology Co., Dongying 257300, China
Mathematics, 2024, vol. 12, issue 21, 1-21
Abstract:
Fuzzing is an extensively used automated vulnerability detection technique. Most existing fuzzers are guided by edge coverage, which makes them less effective at detecting specific classes of vulnerabilities, especially use-after-free (UAF) vulnerabilities. This is because triggering a UAF vulnerability requires not only covering a specific memory operation but also satisfying a specific sequence of operations (allocation, free, and subsequent use of the same memory). In this paper, we propose UAF-Fuzzer for detecting UAFs, which consists of a static analysis stage and a fuzzing stage. In the static analysis stage, UAF-Fuzzer first uses target identification to determine the basic blocks that may cause UAFs and marks them as target basic blocks; it then instruments these target basic blocks. We further propose a memory operation evaluation method to assess the complexity of memory operations. In the fuzzing stage, UAF-Fuzzer assigns energy to seeds using the memory operation evaluation method and employs a novel seed selection algorithm to prioritize the execution of test cases that are likely to trigger UAF vulnerabilities. We designed and implemented UAF-Fuzzer to improve the detection of UAFs and compared it with AFL, AFLFast, FairFuzz, MOPT, EcoFuzz, and TortoiseFuzz in terms of UAF vulnerability detection, crash detection, and path discovery. The results show that UAF-Fuzzer is more effective at detecting UAF vulnerabilities. We also discovered three UAF vulnerabilities, reported them to the software maintainers for fixing, and obtained CVE IDs for them.
Keywords: fuzzing; use-after-free; double free; instrumentation; bug detection
JEL-codes: C
Date: 2024
Downloads:
https://www.mdpi.com/2227-7390/12/21/3431/pdf (application/pdf)
https://www.mdpi.com/2227-7390/12/21/3431/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:12:y:2024:i:21:p:3431-:d:1512477