ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing

Abstract

In this paper, we propose ResolverFuzz to fuzz the resolver.

Publication
In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: ??%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* ✉ Both are corresponding authors

Overview

In this paper, we propose ResolverFuzz to fuzz the resolver.

CVE (15)

  • 15 CVE numbers

More details coming soon…

Xiang Li
Xiang Li
Ph.D. Candidate in Cyberspace Security (Tsinghua University)

Xiang Li is a 5th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy with 12 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P, USENIX Security, CCS, NDSS, and Black Hat. He has obtained over 180 CVE/CNVD vulnerability numbers, more than $11,600 rewards, multiple CERT reports, 60+ news coverage, and RFC acknowledgement. He got multiple prizes, such as 1st prize of IPv6 Technology Application Innovation Competition, Tsinghua Outstanding Scholarship, and LongFor Excellent Scholarship.