Experiments: To validate the effectiveness of our tool EMOFuzz, we designed a series of experiments to verify its identification of exploitable objects. We selected 5 OOB write bugs from several general-purpose programs. Under various overflow lengths, we conducted 3 fuzzing tests, each lasting 24 hours. All experiments were run on Ubuntu 18.04 LTS with an Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz and 1TB of RAM. The experimental results are shown in Table 2.
Table 2 shows that EMOFuzz effectively identifies exploitable objects for out-of-bounds write bugs: it found exploitable objects for all bugs within a 24-hour fuzzing campaign. Generally, the more bytes of data that are tainted, the more potential exploitable objects EMOFuzz can identify. Specifically, for CVE-2021-3156, a heap overflow in the sudo program that has publicly available exploits, EMOFuzz identified a new exploitable object, sudo_hook_entry, which could lead to an AAW in sudo. For gpac-issue-1317, we initially failed to find any exploitable objects until we increased the tainted length to 128 bytes.