• Title/Summary/Keyword: Heap Memory Vulnerability

Search Result 2, Processing Time 0.017 seconds

Automated Method for Detecting OOB Vulnerability of Heap Memory Using Dynamic Symbolic Execution (동적 기호 실행을 이용한 힙 메모리 OOB 취약점 자동 탐지 방법)

  • Kang, Sangyong;Park, Sunghyun;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.4
    • /
    • pp.919-928
    • /
    • 2018
  • Out-Of-Bounds (OOB) is one of the most powerful vulnerabilities in heap memory. The OOB vulnerability allows an attacker to exploit unauthorized access to confidential information by tricking the length of the array and reading or writing memory of that length. In this paper, we propose a method to automatically detect OOB vulnerabilities in heap memory using dynamic symbol execution and shadow memory table. First, a shadow memory table is constructed by hooking heap memory allocation and release function. Then, when a memory access occurs, it is judged whether OOB can occur by referencing the shadow memory, and a test case for causing a crash is automatically generated if there is a possibility of occurrence. Using the proposed method, if a weak block search is successful, it is possible to generate a test case that induces an OOB. In addition, unlike traditional dynamic symbol execution, exploitation of vulnerabilities is possible without setting clear target points.

A Out-of-Bounds Read Vulnerability Detection Method Based on Binary Static Analysis (바이너리 정적 분석 기반 Out-of-Bounds Read 취약점 유형 탐지 연구)

  • Yoo, Dong-Min;Jin, Wen-Hui;Oh, Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.687-699
    • /
    • 2021
  • When a vulnerability occurs in a program, it is documented and published through CVE. However, some vulnerabilities do not disclose the details of the vulnerability and in many cases the source code is not published. In the absence of such information, in order to find a vulnerability, you must find the vulnerability at the binary level. This paper aims to find out-of-bounds read vulnerability that occur very frequently among vulnerability. In this paper, we design a memory area using memory access information appearing in binary code. Out-of-bounds Read vulnerability is detected through the designed memory structure. The proposed tool showed better in code coverage and detection efficiency than the existing tools.