0

I'm looking for some real projects which have stack overflow vulnerabilities. The important thing is that I am going to teach how to find the vulnerabilities and how to fix them using these examples. So, the vulnerabilities should be simple to find and simple to patch. Do you know any source code for this?

Anders
Berliner

3 Answers

3

Open Security Training has some great resources to teach developers about secure code practices, including a virtual machine with compilers and vulnerable code samples.

Also look at NIST's SAMATE test suite for C and C++ vulnerable code. For example, the C test suite contains good examples of format string and buffer overflow vulnerabilities in C.

You can find vulnerable versions of open source software like Wireshark on SAMATE as well. You might also want to look at exploit-db.com once your students are comfortable with simple vulnerabilities.

Finding security issues in Wireshark, VLC or any media libraries can be a great exercise for students and also improves the security of open source projects.

0

DevIL is an image library with quite a lot of stack overflows in it.

Sjoerd
0

If you want to find issues in open source projects, maybe you can start with https://lgtm.com/. This is a nice project where you can compare and see the real issues that some of the projects have. Hope it helps.

camp0