AndrewFasano
commented
5 years ago For now, all the bugs we add focus on corrupting pointers. We can corrupt them as they're dereferenced or when they're passed as arguments to a function. They're conditionally corrupted depending on a trigger or set of triggers matching some constraints.
All the code to do this is in tools/lavaTool/include.
For more information, check out our paper. We've made some improvements since then, but the classes of vulnerabilities we support hasn't changed much.
All,
Is there a list of which vulnerabilities LAVA can add?
Thanks!