CHESS
GAMEPLAY: Graph Analysis for Mechanized Exploit generation and Patching Leveraging human Assistance for improved Yield
The GAMEPLAY project aims to improve the processes of software vulnerability detection, exploit generation, and patching. GAMEPLAY is part of the CHESS DARPA program (Computers and Humans Exploring Software Security), whose goal is to "research the effectiveness of enabling computers and humans to collaboratively reason over software artifacts, such as source code and compiled binaries". In GAMEPLAY, we are building tools and methods to discover vulnerabilities and generate exploits for PHP, JavaScript, and C/C++ binaries.
Participating Institutions:
Principal Investigators:
- V.N. Venkatakrishnan (UIC)
- Rigel Gjomemo (UIC)
- Kevin Hamlen (UTD)
- Yinzhi Cao (JHU)
Sponsor:
DARPA
Results
Found Vulnerabilities:
- OsTicket (CVE-2020-24917)
- Collabtive (CVE-2020-13655)
- CePhoenix (CVE-2020-12058)
- ZoneMinder (CVE-2020-25729)
- ECommerce CodeIgniter (CVE-2020-25086)
- ECommerce CodeIgniter (CVE-2020-25087)
- ECommerce CodeIgniter (CVE-2020-25088)
- ECommerce CodeIgniter (CVE-2020-25089)
- ECommerce CodeIgniter (CVE-2020-25090)
- ECommerce CodeIgniter (CVE-2020-25091)
- ECommerce CodeIgniter (CVE-2020-25092)
- ECommerce CodeIgniter (CVE-2020-25093)