Fuzzing

10.

Common Vulnerabilities Discovered by Fuzzing

10.1.

Memory Corruption Bugs

10.1.1.

Buffer Overflows

10.1.1.1.

Stack Buffer Overflows

10.1.1.2.

Heap Buffer Overflows

10.1.2.

10.1.2.1.

Dangling Pointer Dereference

10.1.2.2.

Temporal Memory Safety

10.1.3.

10.1.3.1.

Multiple Deallocation

10.1.3.2.

Heap Corruption

10.1.4.

Integer Overflows

10.1.4.1.

Signed Overflows

10.1.4.2.

Unsigned Overflows

10.1.4.3.

Arithmetic Errors

10.1.5.

Format String Vulnerabilities

10.1.5.1.

Uncontrolled Format Strings

10.1.5.2.

Information Disclosure

10.2.

Denial of Service

10.2.1.

Unhandled Exceptions

10.2.1.1.

Program Crashes

10.2.1.2.

Resource Exhaustion

10.2.2.

10.2.2.1.

10.2.2.2.

Algorithmic Complexity

10.2.3.

Memory Exhaustion

10.2.3.1.

Heap Exhaustion

10.2.3.2.

10.3.

Information Leaks

10.3.1.

Unintended Data Disclosure

10.3.2.

Memory Disclosure

10.3.3.

Timing Side Channels

10.4.

Injection Vulnerabilities

10.4.1.

Command Injection

10.4.1.1.

Shell Command Execution

10.4.1.2.

System Call Injection

10.4.2.

10.4.2.1.

Database Query Manipulation

10.4.3.

10.4.3.1.

Script Injection

10.4.3.2.

Dynamic Code Execution

10.5.

Deserialization Vulnerabilities

10.5.1.

Unsafe Object Deserialization

10.5.2.

Remote Code Execution Risks

10.5.3.

Data Integrity Issues

10.6.

10.6.1.

Authentication Bypass

10.6.2.

Authorization Flaws

10.6.3.

Business Logic Errors

Previous

9. Fuzzing in the Software Development Lifecycle

Go to top

Next

11. Common Fuzzing Tools and Frameworks