Security

Dowser: A Guided Fuzzer to Find Buffer Overflow Vulnerabilities

Date Added: Apr 2013
Format: PDF

Dowser is a 'guided' fuzzer that combines taint tracking, program analysis and symbolic execution to find buffer overflow vulnerabilities buried deep in a program's logic. Intuitively, a piece of code with convoluted pointer arithmetic instructions may be more prone to memory errors than straightforward array accesses. More importantly, the more complex the bugs and the more convoluted the pointer arithmetic, the harder they will be to find using existing techniques such as random fuzzing and static analysis.