Joern

A Robust Code Analysis Platform for C/C++

Wall of Bugs

This is a list of bugs which have been found using joern or approaches built on top of joern. If you want bugs you found to appear on this page, please contact fabs at goesec dot de.

Vulnerabilities uncovered with traversals

Wireshark

Linux Kernel

  • doc CVE-2013-4512
    Buffer overflow in the exitcode_proc_write function
    Nico Golde, Fabian Yamaguchi
  • doc CVE-2013-4513
    Buffer overflow in the Ozmo Devices USB over WiFi devices
    Nico Golde, Fabian Yamaguchi
  • doc CVE-2013-4514 (2 Bugs)
    Buffer overflows in the Linux kernel's driver for Agere Sys. HERMES II WiFi PC Cards
    Nico Golde, Fabian Yamaguchi
  • doc CVE-2013-4515
    Information leak in the Linux kernel's driver for Beceem WIMAX chipset based devices
    Nico Golde, Fabian Yamaguchi
  • doc CVE-2013-4516
    Information leak in the Linux kernel's driver for the SystemBase Multi-2/PCI serial cards
    Nico Golde, Fabian Yamaguchi
  • doc CVE-2013-6378
    Flaw in the Linux kernel's debugfs filesystem
    Nico Golde, Fabian Yamaguchi
  • doc CVE-2013-6380
    Invalid pointer dereference in the driver for Adaptec AACRAID SCSI RAID devices
    Nico Golde, Fabian Yamaguchi
  • doc CVE-2013-6381
    Buffer overflow in the qeth_snmp_command function
    Nico Golde, Fabian Yamaguchi
  • doc CVE-2013-6763
    Flaw in the Linux kernel's userspace IO (uio) driver
    Nico Golde, Fabian Yamaguchi

VLC Media Player

  • doc CVE-2014-9625
    Heap-based buffer overflow caused by an integer truncation in VLC's automated updater
    Fabian Yamaguchi
  • doc CVE-2014-9627
    Integer truncation in the MP4 demuxer on 32-bit platforms
    Fabian Yamaguchi
  • doc CVE-2014-9628
    Zero-byte allocation in the MP4 demuxer allows a heap-based buffer overflow to be triggered
    Fabian Yamaguchi
  • doc CVE-2014-9629 (2 Bugs)
    Potential heap-based buffer overflows in the Schroedinger and Dirac encoders
    Alwin Maier, Fabian Yamaguchi
  • doc CVE-2014-9630
    Attacker-controlled stack allocation in RTP streaming code
    Alwin Maier, Fabian Yamaguchi
  • doc CVE-2015-1202
    Attacker-controlled stack allocation in SAP service discovery code
    Alwin Maier, Fabian Yamaguchi
  • doc CVE-2015-1203
    Attacker-controlled stack allocation in FTP access module
    Alwin Maier, Fabian Yamaguchi

Vulnerabilities uncovered with machine learning

Pidgin

  • doc CVE-2013-6483
    Denial of service vulnerability in handling of the XMPP protocol.
    Fabian Yamaguchi, Christian Wressnegger
  • doc CVE-2013-6482 (3 Bugs)
    Denial of service vulnerabilities in processing of SOAP messages.
    Fabian Yamaguchi, Christian Wressnegger
  • doc CVE-2012-2318
    Incoming messages with certain characters or character encodings can cause clients to crash.
    Fabian Yamaguchi

libarchive

  • doc CVE-2013-0211
    Buffer overread due to an integer signedness issue in the function archive_write_zip_data.
    Fabian Yamaguchi

ffmpeg

  • doc CVE-2011-4364
    Heap-based buffer overflow in the Sierra VMD decoder allows for arbitrary code execution.
    Fabian Yamaguchi
  • doc CVE-2012-0947
    Heap-based buffer overflow in the VQA codec may allow for arbitrary code execution.
    Markus Lottmann, Fabian Yamaguchi