Revelio

Cost-Efficient Vulnerability Detection

We randomly selected nine heavily-fuzzed OSS-Fuzz projects and scanned them with Revelio, our end-to-end vulnerability detection agent that generates verifiable proof-of-concept (PoC) inputs for each finding.

After about one hour per project and $300 in spending, Revelio uncovered:

  • 14 security-related issues (confirmed by manual validation)
  • 5 requested CVEs, confirmed by maintainers

These are not recently introduced bugs: the vulnerabilities behind two of the assigned CVEs had been present for almost 10 years. The confirmed vulnerabilities in DNSMasq and OpenEXR can lead to a heap out-of-bounds read and adjacent heap corruption. Both projects are critical: DNSMasq runs on essentially every router and embedded device, and OpenEXR is used across major video studios and render firms.

And these are just the tip of the iceberg. Revelio found a range of vulnerability classes, including seven integer overflows, six heap buffer overflows, and multiple use-after-frees, stack overflows, and out-of-bounds reads/writes. By uncovering these issues, Revelio protects the software that depends on the affected libraries, whether directly or transitively.

Takeaway: you don’t need a secret model or complex orchestration to find real security issues. You need an effective, affordable, and reliable harness.

Contributors

Yiwei Hou, Hao Wang, Muxi Lyu, Marius Momeu, Dawn Song, Koushik Sen, David Wagner, Eric Nguyen, Taige Yang

Publications