What’s Changed with This Release:

What’s New:

  • Added DoubleFree SymbEx analysis. Detects instances of CWE-415: Double Free.
  • Added NullPointerDereference SymbEx analysis. Detects instances of CWE-476: NULL Pointer Dereference.
  • Added OutOfBoundsRead SymbEx analysis. Detects instances of CWE-125: Out-of-bounds Read.
  • Added OutOfBoundsWrite SymbEx analysis. Detects instances of CWE-787: Out-of-bounds Write.
  • Added function call stack display. Displays the program’s function call stack at the time the vulnerability was encountered.

What’s Updated:

  • The Input to Reproduce section displayed for vulnerabilities detected using SymbEx now reports input read from file and input read over the network (e.g., TCP/UDP packets).
  • ‘Duplicate’ vulnerabilities are now reported significantly less often.
  • Fixed various minor bugs and performance issues.

Feature details

New Feature: DoubleFree SymbEx analysis

Detects instances of CWE-415: Double Free.

New Feature: NullPointerDereference SymbEx analysis

Detects instances of CWE-476: NULL Pointer Dereference.

New Feature: OutOfBoundsRead SymbEx analysis

Detects instances of CWE-125: Out-of-bounds Read.

New Feature: OutOfBoundsWrite SymbEx analysis

Detects instances of CWE-787: Out-of-bounds Write.

New Feature: Function call stack display

Vulnerabilities detected using SymbEx now display the program’s function call stack at the time the vulnerability was encountered.

Updated Feature: Input to Reproduce section display

The Input to Reproduce section displayed for vulnerabilities detected using SymbEx now reports input read from file and input read over the network (e.g., TCP/UDP packets).

Updated Feature: ‘Duplicate’ Vulnerabilities

‘Duplicate’ vulnerabilities are now reported significantly less often.