ODSS: A Ghidra-based Static Analysis Tool for Detecting Stack-Based Buffer Overflows

Abstract

To reduce code exploitabilty, techniques for analyzing binaries for potential buffer overflow vulnerabilities are needed. One method is static analysis, which involves inspection of disassembled binaries to identify exploitable weaknesses in the program. Buffer overflows can occur in libc functions. Such functions can be referred to as vulnerable sinks. We present Overflow Detection from Sinks and Sources (ODSS), a script written for the Ghidra API to search for vulnerable sinks in a binary and to find the source of all the parameters used in each sink. We conduct static analysis of ten common libc functions using ODSS, and show that it is possible to both find overflow vulnerabilities associated with functions using stack-allocated strings and to determine the feasibility of a buffer overflow exploitation.