Journal of Advancement in Software Engineering and Testing (e-ISSN: 2584-2226)

Unicode-based Buffer Overflow is a type of buffer overflow vulnerabilities, which occurs when allocated memory space overwritten with large amount of data in converting ASCII to Unicode. The problem is that few studies have been conducted about this vulnerability and most of the developers are not aware about the mitigation strategies. Also, a system for mitigating the Unicode overflow vulnerability has not been uniquely developed due to its complexity. The purpose of this study is to develop a mitigation tool called U-BOF by analyzing all past and real-world Unicode-based Overflow attacks to find a common pattern and categorize them to provide suitable solutions. The tool is planned to build as a static analysis tool that will use signature-based detection mechanism to detect vulnerable functions within source code. After that, it replaces the vulnerable function with the corresponding secured version. Overall, this thesis contributes to the field of software security by providing a practical and efficient solution for mitigating Unicode-based buffer overflow vulnerabilities.

Butt, M. A., Ajmal, Z., Khan, Z. I., Idrees, M., & Javed, Y. (2022). An in-depth survey of bypassing buffer overflow mitigation techniques. Applied Sciences, 12(13), 6702..

Shahab, A., Alenezi, M., Nadeem, M., & Asif, R. (2020). An automated approach to fix buffer overflows. International Journal of Electrical & Computer Engineering (2088-8708), 10(4)..

CVE, "CVE-2020-11308," cve.mitre.org, 2020. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11308. [Accessed 15 05 2023].

CVE, "CVE-2021-20109," cve.mitre.org, 2021. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20109. [Accessed 10 05 2023].

CVE, "CVE-2018-5178," cve.mitre.org, 2018. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178. [Accessed 22 05 2023].

CVE, "CVE-2018-4887," cve.mitre.org, 2018. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4887. [Accessed 13 05 2023].

CVE, "CVE-2018-10655," cve.mitre.org, 2018. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10655. [Accessed 02 06 2023].

CVE, "CVE-2022-30976," cve.mitre.org, 2022. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30976. [Accessed 01 06 2023].

CVE, "CVE-2022-25309," CVE, 2022. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25309. [Accessed 08 06 2023].

CVE, "CVE-2021-33286," cve.mitre.org, 2021. [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33286. [Accessed 04 06 2023].