Skip to content

LAVA Wiki

Andrew edited this page Jun 13, 2026 · 12 revisions

The files were originally found here.

Documentation

LAVA is the product of a collaboration between MIT Lincoln Laboratory, NYU, and Northeastern University, designed to provide a method for testing fuzzers and automating the creation of CTFs by injecting security vulnerabilities into source code.

User Guide

Download the LAVA Debian Package here and to install the Python package, use pip install pyroclastic.

Current Bugs Functionality

Checkmark means we know this works. To replicate the result, use the same project and check the logs for injection.

  • BUG_PTR_ADD, see example with toy
Validating bug 23 of 50 
No known solution for bug with id=942
Bug[942](type=BUG_PTR_ADD, trigger=75, atp=21)
fuzzed = [/mnt/c/Users/andre/OneDrive/Desktop/lava/target_injections/toy/generated-inputs/testsmall-fuzzed-942.bin]
Run modified program: /mnt/c/Users/andre/OneDrive/Desktop/lava/target_injections/toy/bugs/0/toy/lava-install/bin/toy /mnt/c/Users/andre/OneDrive/Desktop/lava/target_injections/toy/generated-inputs/testsmall-fuzzed-942.bin
retval = 139
:type_1 + bug.type
RV indicates memory corruption
Moving crashing input file to /mnt/c/Users/andre/OneDrive/Desktop/lava/target_injections/toy/crashes/testsmall-fuzzed-942.bin
  • [] RET_BUFFER
  • [] REL_WRITE
  • [] PRINTF_LEAK
  • [] MALLOC_OFF_BY_ONE

Chaff Bugs Confirmation

  • [] CHAFF_STACK_UNUSED
  • [] CHAFF_STACK_CONST
  • [] CHAFF_HEAP_CONST
  • [] CHAFF_DIVZERO

Download all relevant QCows

Also, we highly suggest downloading the relevant PANDA QCows, as this can take some time on your first time running LAVA. The commands are provided here.

python3 -c "from pandare.qcows_internal import Qcows;Qcows.get_qcow('x86_64')"
python3 -c "from pandare.qcows_internal import Qcows;Qcows.get_qcow('i386')"
python3 -c "from pandare.qcows_internal import Qcows;Qcows.get_qcow('arm')"
python3 -c "from pandare.qcows_internal import Qcows;Qcows.get_qcow('aarch64')"

Clone this wiki locally