Share
## https://sploitus.com/exploit?id=A098D50C-565B-577C-9EDE-BB72124ABD5E
# Fuzzing Portfolio Project: Heap Overflow Discovery
**Author:** Fuad
**Date:** February 2026
**Duration:** 4 days
**Tools:** Python, GCC, ASan, GDB
## ๐ฏ Project Overview
Custom mutation-based fuzzer that discovered a heap buffer overflow vulnerability in a JSON parser through automated testing. Includes full vulnerability analysis, proof-of-concept exploit, and remediation recommendations.
## ๐ Key Achievements
- โ
Built custom mutation-based fuzzer from scratch
- โ
Discovered heap buffer overflow (CWE-122) in 64 characters
### Root Cause
```c
32 char* result = malloc(64); // Fixed allocation
...
61 memcpy(result, start, len); // No bounds check! ๐ฅ
```
### Impact
- Denial of Service (guaranteed crash)
- Memory corruption (heap metadata overwrite)
- Potential RCE (with additional primitives)
## ๐ Test Results
| Test Case | Input Size | Result |
|-----------|-----------|--------|
| Control | 50 bytes | โ
No crash |
| Edge | 63 bytes | โ
No crash |
| Minimal Overflow | 65 bytes | โ **CRASH** |
| Large Overflow | 100 bytes | โ **CRASH** |
| Massive Overflow | 500 bytes | โ **CRASH** |
**Crash Boundary:** 64 bytes (exact)
**Reproducibility:** 100%
## ๐ง Technical Skills Demonstrated
### Fuzzing
- Custom mutation strategies (8 techniques)
- Coverage-guided feedback loop
- Crash deduplication (MD5 hashing)
- High-speed execution (27k/sec)
### Vulnerability Analysis
- Root cause identification
- Memory forensics with GDB
- ASan report interpretation
- CVSS scoring
### Exploit Development
- Controlled overflow demonstration
- Boundary testing
- Automated PoC framework
### Security Engineering
- Compiler hardening (ASan, FORTIFY_SOURCE)
- Secure coding recommendations
- Defense-in-depth strategies
## ๐ Documentation
- **[CRASH_TRIAGE_REPORT.md](CRASH_TRIAGE_REPORT.md)** - Full vulnerability analysis
- **[poc_heap_overflow.py](poc_heap_overflow.py)** - Exploit proof-of-concept
## ๐ Learning Outcomes
1. **Fuzzing Fundamentals** - Built fuzzer from scratch, understand mutation strategies
2. **Vulnerability Discovery** - Found real bugs in = 64) len = 63; // Truncate to fit
```
## ๐ Fuzzer Performance
- **Executions/sec:** 27,000
- **Time to crash:** < 1 second
- **Unique crashes:** 6+
- **False positives:** 0
## ๐ ๏ธ Tools Used
- **Python 3** - Fuzzer implementation
- **GCC 11+** - Compilation with sanitizers
- **AddressSanitizer** - Memory error detection
- **GDB** - Debugging and forensics
- **Git** - Version control
---
**Note:** This is a security research project on intentionally vulnerable code. Do not use these techniques on systems without authorization.