Date: Mon, 24 Jun 2019 17:53:41 -0700
From: Seth Arnold <>
Subject: Re: Thousands of vulnerabilities, almost no CVEs:

On Mon, Jun 24, 2019 at 07:15:20PM -0400, Alex Gaynor wrote:
> sounds very hard to me, at least without requiring more user involvement
> than ASAN requires right now. This seems like a very cool area for academic
> research though!

Have you tried the gdb exploitable plugin yet?

Some of the tools written around AFL have included support for running
exploitable directly on the fuzzer results and helping to prioritize,
roughly, in what order the specimens should be worked on:

with a direct link to a pretty screenshot:

I assume like most such tools, this is another case of being a good start
but not nearly as reliable as a knowledgeable human. It's also probably
completely useless for issues that aren't memory-safety issues. But it's
something that exists today and may be helpful.

