| CVE ID | Software | Description |
|---|---|---|
| CVE-2019-14247 | mpg321 | Heap OOB Write |
| CVE-2019-14248 | nasm | NULL ptr dereference |
| CVE-2019-14249 | libdwarf | Divide by Zero |
| CVE-2019-14250 | nm-new | Heap OOB Read |
| CVE-2019-16161 | Onigmo | NULL ptr dereference |
| CVE-2019-16162 | Onigmo | Heap OOB Read |
| CVE-2019-16163 | Oniguruma | Stack Exhaution |
Ren Kimura RKX1209
RKX1209
/ fuzz_template.json
Created
February 11, 2020 07:23
Fuzzing Firm (python3 fuzzing.py fuzz_template.json)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "PROJECT": "afl", | |
| "ROOT": ".", | |
| "FUZZER": "$ROOT/afl/afl-fuzz", | |
| "SCHEDULE": "", | |
| "PREPROCESS": "", | |
| "BINARY": "imginfo", | |
| "BINVERSION": "19", | |
| "BINOPT": "-f @@", | |
| "BINPATH": "$ROOT/dataset/apps/$BINARY", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import argparse | |
| import HTMLParser | |
| import io | |
| import os | |
| import re | |
| import shutil | |
| import string | |
| import subprocess |
RKX1209
/ generate_dictionary.py
Created
February 11, 2020 04:48
./generate_dictionary.py --fuzzer <binary executable> --out ./out.dict
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python2 | |
| # | |
| # Copyright 2016 The Chromium Authors. All rights reserved. | |
| # Use of this source code is governed by a BSD-style license that can be | |
| # found in the LICENSE file. | |
| """Generate a dictionary for libFuzzer or AFL-based fuzzer. | |
| Invoked manually using a fuzzer binary and target format/protocol specification. | |
| Works better for text formats or protocols. For binary ones may be useless. | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/bff-2.8/batch.sh b/bff-2.8/batch.sh | |
| index a7fb5ef22a..6c0af417df 100755 | |
| --- a/bff-2.8/batch.sh | |
| +++ b/bff-2.8/batch.sh | |
| @@ -66,7 +66,8 @@ contains() { | |
| scriptlocation=`echo "$(cd "$(dirname "$0")"; pwd)/"` | |
| echo Script location: $scriptlocation/bff.py | |
| platform=`uname -a` | |
| -PINURL=https://software.intel.com/sites/landingpage/pintool/downloads/pin-3.0-76991-gcc-linux.tar.gz | |
| +#PINURL=https://software.intel.com/sites/landingpage/pintool/downloads/pin-3.0-76991-gcc-linux.tar.gz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/build/toolchain.gypi b/build/toolchain.gypi | |
| index 9f4cedc478..b93c5c4962 100644 | |
| --- a/build/toolchain.gypi | |
| +++ b/build/toolchain.gypi | |
| @@ -158,6 +158,11 @@ | |
| }], | |
| ], | |
| 'target_defaults': { | |
| + 'cflags': [ | |
| + '-fPIC', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import networkx | |
| import angr | |
| import tracer | |
| import sys | |
| import os | |
| import logging | |
| import pickle | |
| import argparse | |
| from collections import Counter |
RKX1209
/ lava-m-file.diff
Last active
November 27, 2018 05:56
LAVA for 32bit /usr/bin/file source code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/src/apprentice.c b/src/apprentice.c | |
| index 47b4c87..fe04a17 100644 | |
| --- a/src/apprentice.c | |
| +++ b/src/apprentice.c | |
| @@ -282,7 +282,7 @@ static const struct type_tbl_s special_tbl[] = { | |
| # undef XX_NULL | |
| private int | |
| -get_type(const struct type_tbl_s *tbl, const char *l, const char **t) | |
| +get_type(int *data_flow, const struct type_tbl_s *tbl, const char *l, const char **t) |
RKX1209
/ emucorn.patch
Last active
March 10, 2018 22:12
Unicorn ARM64 tracer patch, for debugging your own emulator (HEAD: Mephisto 6092782cc0e64f34aaa4eab623e7a8c518d1abc2)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/Cpu.cpp b/Cpu.cpp | |
| index 61c2aa7..64c9b8f 100644 | |
| --- a/Cpu.cpp | |
| +++ b/Cpu.cpp | |
| @@ -1,4 +1,5 @@ | |
| #include "Ctu.h" | |
| +#define ARM64_REG_X(r) UC_ARM64_REG_X ## r | |
| void intrHook(uc_engine *uc, uint32_t intNo, void *user_data) { | |
| ((Cpu *) user_data)->interruptHook(intNo); |
NewerOlder