Electronics Letters (Mar 2024)

Identifying exploitable memory objects for out‐of‐bound write vulnerabilities

  • Runhao Li,
  • Bin Zhang,
  • Chaojing Tang

DOI
https://doi.org/10.1049/ell2.13136
Journal volume & issue
Vol. 60, no. 5
pp. n/a – n/a

Abstract


Exploiting an out‐of‐bounds write vulnerability in general‐purpose applications has become a current research focus. Given the large scale of code in programs, selecting appropriate memory objects for exploitation is challenging. This letter proposes a corrupted data propagation‐guided fuzzing method. By tracking the propagation process of corrupted data among memory objects, a multi‐level fuzzing schedule is proposed to search the execution paths. Experimental results show that this proposed method, EMOFuzz, can effectively identify exploitable objects under various overflow lengths, significantly enhancing the efficiency of exploitability analysis.

Keywords