Research Article
A Pattern-Based Software Testing Framework for Exploitability Evaluation of Metadata Corruption Vulnerabilities
Table 6
Overall results of RELAY.
| | Name | CTF | Vul type | Exp. pattern | Nm | Lp | Dc | Tm/s | Revery |
| Successful cases | BRHG-13 | BRHG | UAF | fast_bin_exp | 6 | 5 | 38 | 1283 | — | pwn14 | DEFCON China&BCTF | Heap overflow | hof_exp | 8 | 4 | 32 | 927 | — | pwn40 | DEFCON China&BCTF | Heap overflow | unlink_exp | 5 | 5 | 43 | 1194 | — | note2 | ZCTF 2016 | Heap overflow | unlink_exp | 18 | 10 | 83 | 1427 | ✘ | note3 | ZCTF 2016 | Heap overflow | unlink_exp | 19 | 12 | 74 | 1483 | ✘ | fb | AliCTF 2016 | Heap overflow | unlink_exp | 32 | 13 | 96 | 1638 | ✘ | Stkof | HITCON 2014 | Heap overflow | unlink_exp | 27 | 12 | 117 | 1829 | ✘ | Simple note | Tokyo westerns 2017 | Off-by-one | unlink_exp | 21 | 10 | 99 | 1595 | ✘ | Search engine | 2015 9447 CTF | Double free | fast_bin_exp | 21 | 13 | 106 | 1762 | — | Badint | Defcon qualifier 2017 | Heap overflow | fast_bin_exp | 31 | 13 | 138 | 2053 | — | Weqpon | Delta Ctf 2019 | UAF | fast_bin_exp | 24 | 12 | 82 | 1518 | — | Babyheap | 0ctf 2017 | Heap overflow | overlap_exp | 36 | 16 | 175 | 2431 | — | Pwnme | NCTF2019 | Off-by-one | overlap_exp | 25 | 15 | 152 | 2218 | — | Bcloud | 2016 BCTF | Heap overflow | hof_exp | 13 | 9 | 75 | 1364 | — | Gyctf2020_force | BUUCTF | Heap overflow | hof_exp | 16 | 8 | 86 | 1487 | — | Bamboobox | Hitcon training | Heap overflow | hof_exp | 12 | 8 | 69 | 1329 | — |
| Failed cases | Bookstore | 2015 hacklu | Heap overflow | unlink_exp | 25 | 10 | 126 | — | — | Babyheap | 0ctf2018 | Off-by-one | overlap_exp | 21 | 13 | 153 | — | — | Wheelofrobots | 2017 insomni’hack | Off-by-one | overlap_exp | 18 | 11 | 141 | — | — | Babypwn | N1ctf2019 | Double free | fastbin_exp | 23 | 11 | 148 | — | — |
|
|