List of Possible Findings
C/C++
| Name | Type | Description | Severity |
|---|---|---|---|
| Out-of-Bound Access Error | Runtime | Access of an element of an array with an index that's outside of the bounds of the array. | 6.0 |
| Use After Return | Runtime | Access of a variable or pointer created on the stack by another function that has already returned. | 4.0 |
| Use After Scope | Runtime | Access of a variable or pointer on the stack, but the variable has already gone out of scope. | 4.0 |
| Undefined Behavior | Runtime | Various kinds of undefined behavior, for example dereferencing misaligned or null pointers. | - |
| Out of Memory | Crash | Allocation of memory beyond a given threshold. | 9.0 |
| Global Buffer Overflow | Crash | Writing more data to a buffer than it can hold. | 9.0 |
| Heap Buffer Overflow | Crash | Writing more data to a buffer located on the heap than it can hold. | 9.0 |
| Heap Use After Free | Crash | Usage of memory allocated on the heap after it has been freed or deleted. | 8.0 |
| Stack Buffer Overflow | Crash | Writing more data to a buffer located on the stack than it can hold. | 7.0 |
| Double Free | Crash | Calling free() more than once with the same memory address as an argument. | 7.0 |
| Segmentation Fault | Crash | Access of memory that doesn't exist or to which the program has no access permissions. | 7.0 |
| Timeout | Crash | Fuzzing input takes longer than the specified timeout. | 7.0 |
| Stack Exhaustion | Crash | Call stack grows beyond the maximum allowed size. | 4.0 |
| Alloc Dealloc Mismatch | Crash | Allocated memory isn't properly freed. | 4.0 |
| ODR Violation | Crash | Duplicate symbols occur in the binary or its dependencies at runtime. | 4.0 |
| Memory Leak | Crash | Unused memory isn't released. | 4.0 |
| Deadly Signal | Crash | Termination of the test via a signal. | 4.0 |
| Slow Input | - | A single invocation of the fuzz test succeeds, but takes unusually long to do so. | 2.0 |
Java (JVM)
| Name | Type | Description | Severity |
|---|---|---|---|
| LDAP Injection | Crash | Usage of untrusted data in an LDAP query. | 9.0 |
| Remote JNDI Lookup | Crash | Usage of Untrusted data in a JNDI lookup. | 9.0 |
| OS Command Injection | Crash | Usage of Untrusted data to execute OS commands. | 9.0 |
| SQL Injection | Crash | Insertion of a SQL query via the input data from the client to the application. | 8.0 |
| Remote Code Execution | Crash | Execution of arbitrary code on a system. | 7.0 |
| Load Arbitrary Library | Crash | Usage of untrusted data to load dynamic libraries. | 7.0 |
| Timeout | Crash | Fuzzing input takes longer than the specified timeout. | 7.0 |
| XPath Injection | Crash | Usage of untrusted data to execute XPath queries. | 7.0 |
| Server Side Request Forgery | Crash | Able to send crafted requests from the system. | 5.0 |
| Script Engine Injection | Crash | Execution of malicious code by an application that uses a script engine. | 5.0 |
| Deadly Signal | Crash | Termination of the test via a signal. | 4.0 |
| Regular Expression Injection | Crash | Usage of untrusted to execute regular expressions. | 1.0 |
| Possible SQL Injection | Warning | Violation of SQL syntax rules by in-progress query, possibly resulting in a SQL Injection. | 7.0 |
| Array Out of Bounds | Warning | Accessing an array out of its defined bounds using a read or write operation. | 4.0 |
| Negative Array Size | Warning | Attempting to create an array with a negative size. | 4.0 |
| Dereference of Null Object | Warning | Dereferencing a null object reference. | 4.0 |
| Number Format Exception | Warning | Occurs for example when converting a String to a numeric type. | 4.0 |
| Java Exception | Warning | Trigger of an unhandled exception by the fuzzer. | 4.0 |
| Slow Input | - | A single invocation of the fuzz test succeeds, but takes unusually long to do so. | 2.0 |
JavaScript
| Name | Type | Description | Severity |
|---|---|---|---|
| Command Injection | Crash | Usage of untrusted data to execute OS commands. | 9.0 |
| Prototype Pollution | Crash | User-controllable data can influence the prototype of an object. | 9.0 |
| Path Traversal | Crash | Access to arbitrary files and directories stored on the system by manipulating variables. | 5.0 |