Installing the Fuzzbuzz CLI
Find your first bug in C or C++
Find your first bug in Go
Find your first bug in Rust
Seeding your fuzzer
Integrating with libFuzzer
Find Heartbleed in 5 Minutes
Protocol Generator Reference
This page contains a list of the various classes of bugs that fuzz testing can find. It contains explanations and example of each bug type, and will be maintained over time as our fuzzing capabilities expand.
Buffer overflows occur when a memory buffer has more data written to it than its size, or when a memory buffer is read beyond its boundaries. In the case of reads, this can result in unintended data exposure. Classic examples include Heartbleed and Cloudbleed. In the case of writes, an attacker may be able to execute arbitrary code or alter the intended control flow of the program. In either case, an attacker may cause unintended crashes or Denial of Service.
Array Index Out of Bounds
Array index out of bounds errors occur when an array index larger than the length of an array is accessed. They can cause unhandled exceptions, denial of service, and other unintended crashes and errors.
Relevant CWEs: CWE 129
Improper Input Validation
Improper input validation can be the source of many unintended errors. Attackers can use malicious inputs to to modify data, deny service, or alter control flow in unexpected ways, including arbitrary command execution.
Memory Use After Free
Memory use after free occurs when a pointer to memory is kept around and accessed after the memory it points to has been freed for use elsewhere. If malicious data is entered, and then used by the old code, it can result in arbitrary code execution. Many zero-day vulnerabilities in applications like Google Chrome and Firefox come in the form of a memory use after free that is then used to gain further access.
Relevant CWE: CWE 416
Invalid Free of Memory
Invalid frees have the potential to cause memory corruption, which could enable an attacker to cause free() to operate on controllable memory locations to modify critical program variables or execute code. In some situations it can also cause the program to crash, resulting in denial of service.
Relevant CWE: CWE 590
Hangs & Timeouts
Hangs and timeouts occur when software takes far longer than the allowed time to process an input, potentially due to infinite loops, deadlocks, or other timing-sensitive issues. In the case of security-sensitive software, attackers can use timing bugs as the basis for various side-channel attacks. Attackers can also exploit these problems by forcing the system to consume excessive amounts of physical resources like CPU, memory, and disk.
Off by One Errors
Off by one errors occur when programmers miscalculate the size of a data structure prior to processing. They can lead to crashes or undefined behavior, as well as infinite loops, data corruption, wrap-around errors and other memory corruption problems.
Relevant CWE: CWE 193
Invalid Bounds Checks
Invalid or improper bounds checks can affect software availability, by causing reads beyond the end of memory buffers resulting in corruption or crashes. They can also cause data integrity issues by mis-validating data, and allowing invalid inputs further into software.
Relevant CWE: CWE 839
Integer overflows or wraparounds can result in undefined behavior, crashes, and data integrity issues. In the context of looping they can also result in infinite loops, which may cause unintended hangs and timeouts.
Relevant CWE: CWE 190
Type errors, confusion and incorrect casts can result in data loss & integrity issues, as well as undefined behavior, crashes, and unhandled exceptions.
Out of Bounds Read
Out of Bounds reads occur when developers miscalculate the boundary of a buffer, and reads data past the end or beginning of the buffer. This can allow attackers to read sensitive information from other memory locations, or in some situations cause crashes and denial of service.
Relevant CWE: CWE 125
Out of Bounds Write
Out of Bounds writes occur when developers miscalculate the boundary of a buffer, and writes data past the end or beginning of the buffer. This can result in data corruption or crashes, and in some situations can be exploited by an attacker to achieve arbitrary code execution capabilities.
Relevant CWE: CWE 787
Memory corruption bugs involve the improper handling and usage of memory in unsafe languages like C or C++. They can involve access control violations, undefined behavior, data integrity issues, and other serious vulnerabilities.
Null Pointer Dereference
Null pointer dereferences occur when a program attempts to dereference a pointer it expects to be valid, but instead turns out to be null. They generally result in denial of service as a result of crashes or unexpected aborts.
Relevant CWE: CWE 476
Invalid Memory Pointer
Invalid pointer errors occur when incorrectly-calculated memory pointers are used to access data. They can result in data confidentiality problems, memory corruption errors, and potentially arbitrary code execution.
Relevant CWE: CWE 786
Race conditions include all classes of bugs to do with improper handling of concurrent code execution. They can include misuse of mutexes, improper handling of concurrent reads and writes to shared data structures, or other synchronization and idempotency bugs. Race conditions may result in data integrity issues, memory corruption, denial of service, and other crashes.
Undefined behavior consists of the class of bugs related to mishandling of memory, or reliance on unspecified implementation details, that can result in undefined behavior. Examples can include signed integer overflows, null pointer dereferences, returning pointers to stack variables from functions, or reliance on behviors that are undefined in the specification of the programming language in use. Undefined behavior can result in data integrity problems, memory corruption, crashes, denial of service, and in some situations enable attackers to achieve remote/arbitrary code execution.
Unhandled exceptions occur when developers to not take every possible exception into account when handling errors. Improper exception handling can result in crashes, sensitive data exposure, and denial of service.
Relevant CWE: CWE 248
Denial of Service
Denial of service encompasses all types of unhandled exceptions, memory corruption, and crashing errors that result in critical services becoming unexpectedly unavailable.
Infinite loops occur when developers miscalculate the proper boundary or exit conditions for a loop. Attackers can exploit these loops to consume excessive amounts of physical resources like CPU, memory, and disk.
Relevant CWE: CWE 835