vulnerabilities in libbfd (CVE-2014-beats-me)
Michal Zalewski
lcamtuf@coredump.cx
Thu Oct 30 14:20:00 GMT 2014
> We could cook a (simple) ELF fuzzer and run it on Binutils with
> AddressSanitizer enabled. Perhaps there is one I'm unaware of? Traditional
> fuzzers like afl are necessarily limited for highly structured inputs.
Either way should give you decent results. Pretty sure that you'd get
decent mileage out of afl - it can get pretty far with binary files.
/mz
More information about the Binutils
mailing list