Finding instrumentable locations for fuzzing via static binary analysis

Abstract

In the 21st century, the rapid growth of technology has become indispensable in people’s daily lives. Technological devices are built upon software programs, in which software programs are getting more complex in the development of technology. The exploitation of vulnerabilities exists in every software program is still prevalent, which leads to zero-day vulnerabilities. This highlights the importance of discovering pre-existing and patching against such vulnerabilities before exploitations could occur. In this study, we perform fuzzing on open-source projects in the Linux environment using American Fuzzy Lop Plus (AFL++). The input files (seeds) consist of a set of standard binary files in Unifuzz seed bank and previously submitted Proof-of-Concept (POC) files by other security researchers. This paper provides a detailed explanation and highlights each step taken for the fuzzing campaign done through a period of 7 months on the Program Under Test (PUT) with the seeds mentioned above. The crash found was a reproducible crash and the information on the vulnerability has been submitted to huntr.dev to notify the developers of the program.