Experiments: To validate the effectiveness of our tool EMOFuzz, we designed a series of experiments to verify its results in identifying exploitable objects. We selected 5 OOB write bugs from several general-purpose programs. For each bug, under various overflow lengths, we conducted 3 fuzzing tests, each lasting 24 hours. All experiments were run on Ubuntu 18.04 LTS, on a machine with an Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz and 1TB of RAM. The experimental results are shown in Table 2.
Table 2 shows that EMOFuzz effectively identifies exploitable objects for out-of-bounds write bugs: it found exploitable objects for all bugs within a 24-hour fuzzing campaign. In general, the more bytes of data are tainted, the more potential exploitable objects EMOFuzz can identify. In particular, for CVE-2021-3156, a heap overflow in the sudo program for which exploits are publicly available, EMOFuzz identified a new exploitable object, sudo_hook_entry, whose corruption could lead to an AAW in sudo. For gpac-issue-1317, we initially failed to find any exploitable objects until we increased the tainted length to 128 bytes.