List of possible Findings
C/C++
| Name | Type | Description | Severity |
|---|---|---|---|
| Out-of-Bound Access Error | Runtime | An element of an array is accessed with an index that is outside of the bounds of the array. | 6.0 |
| Use After Return | Runtime | A variable (or pointer) is accessed that was created on the stack by another function that has already returned. | 4.0 |
| Use After Scope | Runtime | A variable (or pointer) on the stack is accessed, but the variable has already gone out of scope. | 4.0 |
| Undefined Behavior | Runtime | Various kinds of undefined behavior, e.g. dereferencing misaligned or null pointers. | - |
| Out of Memory | Crash | The application under test tries to allocate more memory than a given threshold. | 9.0 |
| Global Buffer Overflow | Crash | More data is written to a buffer than it can hold. | 9.0 |
| Heap Buffer Overflow | Crash | More data is written to a buffer located on the heap than it can hold, causing the buffer to overflow into adjacent memory. | 9.0 |
| Heap Use After Free | Crash | Memory allocated on the heap is used after it has been freed or deleted. | 8.0 |
| Stack Buffer Overflow | Crash | More data is written to a buffer located on the stack than it can hold, causing the buffer to overflow into adjacent memory. | 7.0 |
| Double Free | Crash | free() is called more than once with the same memory address as an argument. | 7.0 |
| Segmentation Fault | Crash | Memory is accessed that doesn't exist or to which the program has no access permissions. | 7.0 |
| Timeout | Crash | A fuzzing input takes longer than the specified timeout. | 7.0 |
| Stack Exhaustion | Crash | The call stack grows beyond the maximum allowed size. | 4.0 |
| Alloc Dealloc Mismatch | Crash | Allocated memory is not properly freed. | 4.0 |
| ODR Violation | Crash | Duplicate symbols occur in the binary or its dependencies at runtime. | 4.0 |
| Memory Leak | Crash | Memory that is no longer used is not released. | 4.0 |
| Deadly Signal | Crash | The test is terminated via a signal. | 4.0 |
| Slow Input | - | A single invocation of the Fuzz Target succeeds, but takes unusually long to do so. | 2.0 |
Java (JVM)
| Name | Type | Description | Severity |
|---|---|---|---|
| LDAP Injection | Crash | Untrusted data is used in an LDAP query. | 9.0 |
| Remote JNDI Lookup | Crash | Untrusted data is used in a JNDI lookup. | 9.0 |
| OS Command Injection | Crash | Untrusted data is used to execute OS commands. | 9.0 |
| SQL Injection | Crash | Insertion of a SQL query via the input data from the client to the application. | 8.0 |
| Remote Code Execution | Crash | Execution of arbitrary code on a system. | 7.0 |
| Load Arbitrary Library | Crash | Untrusted data is used to load dynamic libraries. | 7.0 |
| Timeout | Crash | A fuzzing input takes longer than the specified timeout. | 7.0 |
| XPath Injection | Crash | Untrusted data is used to execute XPath queries. | 7.0 |
| Server Side Request Forgery | Crash | Able to send crafted requests from the system. | 5.0 |
| Script Engine Injection | Crash | Execution of malicious code by an application that uses a script engine. | 5.0 |
| Deadly Signal | Crash | The test is terminated via a signal. | 4.0 |
| Regular Expression Injection | Crash | Untrusted data is used to execute regular expressions. | 1.0 |
| Possible SQL Injection | Warning | In-progress query has violated SQL syntax rules, possibly resulting in a SQL Injection. | 7.0 |
| Array Out of Bounds | Warning | Accessing an array out of its defined bounds using a read or write operation. | 4.0 |
| Negative Array Size | Warning | Attempting to create an array with a negative size. | 4.0 |
| Dereference of Null Object | Warning | Dereferencing a null object reference. | 4.0 |
| Number Format Exception | Warning | Occurs e.g. when converting a String to a numeric type. | 4.0 |
| Java Exception | Warning | An unhandled exception has been triggered by the fuzzer. | 4.0 |
| Slow Input | - | A single invocation of the Fuzz Target succeeds, but takes unusually long to do so. | 2.0 |
Javascript
| Name | Type | Description | Severity |
|---|---|---|---|
| Command Injection | Crash | Untrusted data is used to execute OS commands. | 9.0 |
| Prototype Pollution | Crash | User-controllable data is able to influence the prototype of an object. | 9.0 |
| Path Traversal | Crash | Access to arbitrary files and directories stored on the system by manipulating variables. | 5.0 |