Large-scale analysis of format string vulnerabilities in Debian Linux

  title={Large-scale analysis of format string vulnerabilities in Debian Linux},
  author={Karl Chen and David A. Wagner},
Format-string bugs are a relatively common security vulnerability, and can lead to arbitrary code execution. In collaboration with others, we designed and implemented a system to eliminate format string vulnerabilities from an entire Linux distribution, using type-qualifier inference, a static analysis technique that can find taint violations. We successfully analyze 66% of C/C++ source packages in the Debian 3.1 Linux distribution. Our system finds 1,533 format string taint warnings. We… CONTINUE READING
Highly Cited
This paper has 41 citations. REVIEW CITATIONS
27 Citations
3 References
Similar Papers


Publications citing this paper.
Showing 1-10 of 27 extracted citations


Publications referenced by this paper.
Showing 1-3 of 3 references

Similar Papers

Loading similar papers…