水木羽林 - 智能模糊测试引领者 - 北京水木羽林科技有限公司

WINGFUZZ FOR RROTOCOL

翼卫 WINGFUZZ 协议智能模糊测试系统

WINGFUZZ 协议模糊测试系统（WINGFUZZ for Protocol）是智能化的通信协议安全性、健壮性检测工具，可面向网络协议、工控协议、路由协议、蓝牙/WIFI协议、车控协议、私有协议等对象进行自动化缺陷检测。系统覆盖黑盒/灰盒场景，可高效生成海量测试用例报文，提供开箱即用的友好交互与丰富配置能力，支持灵活多样的异常监控，并提供直观的数据可视化与缺陷复现分析功能，助力通信协议安全保障。

WINGFUZZ 协议智能模糊测试系统完全自主可控，应用了双端测试、序列变异、跨状态引导等创新技术，功能、性能、挖掘能力可对标国际标杆商用产品。系统已在电力设备、车控主机、特殊专用系统、路由器、交换机、手机、摄像头、协议开源软件、区块链软件等各类对象上发现众多安全缺陷。

PERFORMANCE

领先的性能指标

WINGFUZZ协议测试核心性能指标领先于同类标杆工具。

针对RTPS、IEC61850、Libressl等工业界知名协议实现的评测对比中

40.17%

测试覆盖率相比于Peach等工具提升

针对IEC104、DDS、ICCP、SSL、TLS、FISCO-BCOS等知名协议的漏洞挖掘中

172.7%

缺陷检测数量相比于Peach等工具提升

MINING ABILITY

经验证的漏洞挖掘能力

协议名称	缺陷类型	详情
Bluetooth	DoS	NVDB-CAVD-2024888270
Bluetooth	DoS	NVDB-CAVD-2024437243
Bluetooth	DoS	NVDB-CAVD-2024437243
Fabric	DoS	CVE-2022-45196
FISCO-BCOS	consensus fairness bug	CVE-2022-28937
FISCO-BCOS	consensus liveness bug	CVE-2022-28936
FISCO-BCOS	consensus liveness bug	CVE-2022-26534
EOS	buffer overflow	CVE-2022-26300
HyperLedger Fabric	logic weakness	CVE-2022-26297
HyperLedger Fabric	logic weakness	CVE-2022-26295
FISCO-BCOS	consensus liveness bug	CVE-2021-46359
HyperLedger Fabric	break down	CVE-2021-43669
Go-Ethereum	runtime error crash	CVE-2021-43668
HyperLedger Fabric	break down	CVE-2021-43667
Go-Ethereum	SIGBUS	CVE-2021-42219
accel-ppp	stack-buffer-overflow	CVE-2021-42054
libressl	stack-buffer-overflow	CVE-2021-41581
accel-ppp	stack-buffer-overflow	CVE-2021-41581
FISCO-BCOS	memory leak	CVE-2021-40243
FISCO BCOS	package decode failure	CVE-2021-35041
rudp	memory leak	CVE-2020-20665
libiec_iccp_mod	segmentation violation	CVE-2020-20664
libiec_iccp_mod	heap-buffer-overflow	CVE-2020-20663
libiec_iccp_mod	heap-buffer-overflow	CVE-2020-20662
IEC104	heap-buffer-overflow	CVE-2020-20490
IEC104	stack-buffer-overflow	CVE-2020-20486
Cyclone DDS	heap-buffer-overflow	CVE-2020-18735
Cyclone DDS	stack-buffer-overflow	CVE-2020-18734
IEC104	segmentation violation	CVE-2020-18731
IEC104	segmentation violation	CVE-2020-18730
libiec61850	heap-buffer-overflow	CVE-2018-19185
libiec61850	NULL pointer dereference	CVE-2018-19122
libiec61850	SEGV	CVE-2018-19121
libiec61850	SEGV	CVE-2018-19093
libiec61850	NULL pointer dereference	CVE-2018-18937
libiec61850	heap-buffer-overflow	CVE-2018-18834
FISCO-BCOS	bad free	CNVD-2021-80670
FISCO-BCOS	en/decryption error	CNVD-2021-70168
accel-ppp	stack buffer overflow	https://github.com/xebd/accel-ppp/issues/158
accel-ppp	memory leak	https://github.com/xebd/accel-ppp/issues/155
OpenDDS	heap buffer overflow	https://github.com/objectcomputing/OpenDDS/issues/1826
OpenDDS	heap buffer overflow	https://github.com/objectcomputing/OpenDDS/issues/1827
Fast-DDS	stack buffer overflow	https://github.com/eProsima/Fast-DDS/issues/1337
Fast-DDS	stack buffer overflow	https://github.com/eProsima/Fast-DDS/issues/1338
Go-Ethereum	Data Race	https://github.com/ethereum/go-ethereum/issues/23965
DIEM	Unexpected Panic	https://github.com/diem/diem/issues/9753
Fabric	Unexpected Panic	https://jira.hyperledger.org/browse/FAB-18528
Fabric	Unexpected Panic	https://jira.hyperledger.org/browse/FAB-18529

WINGFUZZ 协议智能模糊测试系统

WINGFUZZ FOR RROTOCOL

PERFORMANCE

40.17%

172.7%

MINING ABILITY

联系我们

产品中心

关于我们