This paper introduces LiveFuzz, a directed greybox fuzzing (DGF) approach to detect the exploitability of library vulnerabilities from client programs, even without existing proof-of-concepts. LiveFuzz extends DGF to cross-program scenarios using a target tuple and introduces Abstract Path Mapping to address path length biases, along with risk-based adaptive mutation. Evaluation on a dataset of 61 library vulnerabilities shows LiveFuzz improves target reachability and vulnerability exposure speed, uniquely triggering three vulnerabilities.
Discovering exploitable library vulnerabilities in client code doesn't require proof-of-concept exploits anymore, thanks to a new fuzzing technique.
Developers utilize third-party libraries to improve productivity, which also introduces potential security risks. Existing approaches generate tests for public functions to trigger library vulnerabilities from client programs, yet they depend on proof-of-concepts (PoCs), which are often unavailable. In this paper, we propose a new approach, LiveFuzz, based on directed greybox fuzzing (DGF) to detect the exploitability of library vulnerabilities from client programs without PoCs. LiveFuzz exploits a target tuple to extend existing DGF techniques to cross-program scenarios. Based on the target tuple, LiveFuzz introduces a novel Abstract Path Mapping mechanism to project execution paths, mitigating the preference for shorter paths. LiveFuzz also proposes a risk-based adaptive mutation to mitigate excessive mutation. To evaluate LiveFuzz, we construct a new dataset including 61 cases of library vulnerabilities exploited from client programs. Results show that LiveFuzz increases the number of target-reachable paths compared with all baselines and improves the average speed of vulnerability exposure. Three vulnerabilities are triggered exclusively by LiveFuzz.