Cisco Blogs

Exploitable or Not Exploitable? Using REVEN to Examine a NULL Pointer Dereference.


August 2, 2018

It can be very time-consuming to determine whether a bug is exploitable. In this post, we’ll show how to decide if a vulnerability is exploitable by tracing back along the path of execution that led to a crash.

Probing for software vulnerabilities through fuzzing tends to lead to the identification of many NULL-pointer dereference crashes. Fuzzing involves taking various permutations of data and feeding those permutations to a target program until one of those permutations reveals a vulnerability. The kinds of software bugs we reveal with fuzzing may be denial-of-service vulnerabilities that aren’t particularly critical and simply cause the software under test to crash. However, they could also be evidence of an arbitrary code execution vulnerability where the NULL pointer can be controlled, leading to the execution of code supplied by an attacker.
