English
Related papers

Related papers: Triggering and Detecting Exploitable Library Vulne…

200 papers

Directed greybox fuzzing (DGF) can quickly discover or reproduce bugs in programs by seeking to reach a program location or explore some locations in order. However, due to their static stage division and coarse-grained energy scheduling,…

Cryptography and Security · Computer Science 2022-07-01 Hongliang Liang , Xianglin Cheng , Jie Liu , Jin Li

Directed greybox fuzzing (DGF) focuses on efficiently reaching specific program locations or triggering particular behaviors, making it essential for tasks like vulnerability detection and crash reproduction. However, existing methods often…

Cryptography and Security · Computer Science 2025-05-07 Hanxiang Xu , Yanjie Zhao , Haoyu Wang

Directed greybox fuzzing (DGF) aims to efficiently trigger bugs at specific target locations by prioritizing seeds whose execution paths are more likely to reach the targets. However, existing DGF approaches suffer from imprecise potential…

Cryptography and Security · Computer Science 2026-02-03 Yifan Zhang , Xin Zhang

Directed fuzzing focuses on automatically testing specific parts of the code by taking advantage of additional information such as (partial) bug stack trace, patches or risky operations. Key applications include bug reproduction, patch…

Cryptography and Security · Computer Science 2020-08-18 Manh-Dung Nguyen , Sébastien Bardin , Richard Bonichon , Roland Groz , Matthieu Lemerre

Greybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage-guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs,…

Cryptography and Security · Computer Science 2023-11-22 Pengfei Wang , Xu Zhou , Tai Yue , Peihong Lin , Yingying Liu , Kai Lu

A fundamental problem in cybersecurity and computer science is determining whether a program is free of bugs and vulnerabilities. Fuzzing, a popular approach to discovering vulnerabilities in programs, has several advantages over…

Cryptography and Security · Computer Science 2026-01-27 Ian Hardgrove , John D. Hastings

Java deserialization vulnerability is a severe threat in practice. Researchers have proposed static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate proof-of-concept (PoC) serialized objects to…

Cryptography and Security · Computer Science 2023-04-11 Sicong Cao , Biao He , Xiaobing Sun , Yu Ouyang , Chao Zhang , Xiaoxue Wu , Ting Su , Lili Bo , Bin Li , Chuanlei Ma , Jiajia Li , Tao Wei

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

Cryptography and Security · Computer Science 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

Coverage-based greybox fuzzing (CGF) is one of the most successful methods for automated vulnerability detection. Given a seed file (as a sequence of bits), CGF randomly flips, deletes or bits to generate new files. CGF iteratively…

Cryptography and Security · Computer Science 2020-05-22 Van-Thuan Pham , Marcel Böhme , Andrew E. Santosa , Alexandru Răzvan Căciulescu , Abhik Roychoudhury

Hardware Fuzzing emerged as one of the crucial techniques for finding security flaws in modern hardware designs by testing a wide range of input scenarios. One of the main challenges is creating high-quality input seeds that maximize…

Cryptography and Security · Computer Science 2026-01-27 Raghul Saravanan , Sudipta Paria , Aritra Dasgupta , Swarup Bhunia , Sai Manoj P D

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise…

Software Engineering · Computer Science 2026-01-21 Chi Thien Tran

Deep learning (DL) systems can make our life much easier, and thus are gaining more and more attention from both academia and industry. Meanwhile, bugs in DL systems can be disastrous, and can even threaten human lives in safety-critical…

Software Engineering · Computer Science 2022-03-01 Anjiang Wei , Yinlin Deng , Chenyuan Yang , Lingming Zhang

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

Software Engineering · Computer Science 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen

Code reuse in software development frequently facilitates the spread of vulnerabilities, making the scope of affected software in CVE reports imprecise. Traditional methods primarily focus on identifying reused vulnerability code within…

Software Engineering · Computer Science 2024-11-28 Siyuan Li , Yuekang Li , Zuxin Chen , Chaopeng Dong , Yongpan Wang , Hong Li , Yongle Chen , Hongsong Zhu

Contemporary fuzz testing techniques focus on identifying memory corruption vulnerabilities that allow adversaries to achieve either remote code execution or information disclosure. Meanwhile, Algorithmic Complexity (AC)vulnerabilities,…

Cryptography and Security · Computer Science 2020-02-18 William Blair , Andrea Mambretti , Sajjad Arshad , Michael Weissbacher , William Robertson , Engin Kirda , Manuel Egele

Deep Learning (DL) libraries such as PyTorch provide the core components to build major AI-enabled applications. Finding bugs in these libraries is important and challenging. Prior approaches have tackled this by performing either API-level…

Software Engineering · Computer Science 2025-09-19 Feiran Qin , M. M. Abid Naziri , Hengyu Ai , Saikat Dutta , Marcelo d'Amorim

In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an…

Cryptography and Security · Computer Science 2025-05-05 Gianpietro Castiglione , Marcello Maugeri , Giampaolo Bella

Greybox fuzzing is a lightweight testing approach that effectively detects bugs and security vulnerabilities. However, greybox fuzzers randomly mutate program inputs to exercise new paths; this makes it challenging to cover code that is…

Cryptography and Security · Computer Science 2018-07-23 Valentin Wüstholz , Maria Christakis

Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult…

Cryptography and Security · Computer Science 2019-02-27 Shirin Nilizadeh , Yannic Noller , Corina S. Pasareanu

Guided fuzzing has, in recent years, been able to uncover many new vulnerabilities in real-world software due to its fast input mutation strategies guided by path-coverage. However, most fuzzers are unable to achieve high coverage in deeper…

Software Engineering · Computer Science 2019-10-14 Saahil Ognawala , Fabian Kilger , Alexander Pretschner
‹ Prev 1 2 3 10 Next ›