Skip to content

LAVA Wiki

Andrew edited this page May 30, 2026 · 12 revisions

The files were originally found here.

Documentation

LAVA is the product of a collaboration between MIT Lincoln Laboratory, NYU, and Northeastern University, designed to provide a method for testing fuzzers and automating the creation of CTFs by injecting security vulnerabilities into source code.

User Guide

Download the LAVA Debian Package here and to install the Python package, use pip install pyroclastic.

Current Bugs Functionality

Checkmark means we know this works [x] BUG_PTR_ADD, see example with toy

Validating bug 23 of 50 
No known solution for bug with id=942
Bug[942](type=BUG_PTR_ADD, trigger=75, atp=21)
fuzzed = [/mnt/c/Users/andre/OneDrive/Desktop/lava/target_injections/toy/generated-inputs/testsmall-fuzzed-942.bin]
Run modified program: /mnt/c/Users/andre/OneDrive/Desktop/lava/target_injections/toy/bugs/0/toy/lava-install/bin/toy /mnt/c/Users/andre/OneDrive/Desktop/lava/target_injections/toy/generated-inputs/testsmall-fuzzed-942.bin
retval = 139
:type_1 + bug.type
RV indicates memory corruption
Moving crashing input file to /mnt/c/Users/andre/OneDrive/Desktop/lava/target_injections/toy/crashes/testsmall-fuzzed-942.bin

[] RET_BUFFER [] REL_WRITE [] PRINTF_LEAK [] MALLOC_OFF_BY_ONE

Chaff Bugs Confirmation [] CHAFF_STACK_UNUSED [] CHAFF_STACK_CONST [] CHAFF_HEAP_CONST [] CHAFF_DIVZERO

Clone this wiki locally