This page lists a number of plots that depict trends in discovered memory errors. We look at both vulnerabilities (extracted from the CVE data feed) and exploits (via exploit-db). We classify vulnerabilities and exploits by searching for keywords: issues with the words php, sql, or xss are said to be web-related; stack-based vulnerabilities and exploits contain the words stack-based or stack overflow in their description; for heap-based ones, we look for heap-based, heap overflow, use-after-free, and double free; integer issues must contain the words integer, signedness, or off-by-one; we identify pointer issues by looking for dereference and dangling pointer; format string issues should contain the string format string; and finally, vulnerabilities and exploits that contain the word overflow are dubbed other.
Each vulnerability is counted only once, in the above order, i.e., a format string issue that allows an attacker to execute SQL commands on a remote server is considered a web vulnerability. This may not always yield honest results, but it still gives a useful insight into trends in memory errors.
In the top right corner, you can select whether vulnerabilities and exploits should be processed per 1, 2, or 3 months; using a higher time unit results in fewer fluctuations. You can click on a title to show or hide its figure and description, allowing you to compare graphs with each other easily.
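The first-match classification and the per-period counting described above can be sketched as follows. This is an added example, not the project's own code. It assumes case-insensitive substring matching, that entries matching no keyword are left out, and that the 1-, 2- and 3-month buckets are aligned to January; the function names and sample descriptions are constructed for illustration.

```python
from collections import Counter
from datetime import date

# Categories in the page's priority order; the first matching category wins.
CATEGORIES = [
    ("web", ("php", "sql", "xss")),
    ("stack", ("stack-based", "stack overflow")),
    ("heap", ("heap-based", "heap overflow", "use-after-free", "double free")),
    ("integer", ("integer", "signedness", "off-by-one")),
    ("pointer", ("dereference", "dangling pointer")),
    ("format string", ("format string",)),
    ("other", ("overflow",)),
]

def classify(description):
    """Return the first category whose keyword occurs in the description, else None."""
    text = description.lower()  # assumption: case-insensitive substring match
    for name, keywords in CATEGORIES:
        if any(k in text for k in keywords):
            return name
    return None  # assumption: entries with no keyword are left out of the plots

def bucket_start(day, months):
    """First day of the bucket of `months` months containing `day` (January-aligned; assumption)."""
    first_month = (day.month - 1) // months * months + 1
    return date(day.year, first_month, 1)

def count_per_period(entries, months=1):
    """Count classified entries per (bucket start, category)."""
    counts = Counter()
    for day, description in entries:
        category = classify(description)
        if category is not None:
            counts[(bucket_start(day, months), category)] += 1
    return counts

# Constructed sample descriptions, not real CVE or exploit-db records.
SAMPLE = [
    (date(2012, 1, 10), "Format string issue lets remote attackers execute SQL commands"),
    (date(2012, 2, 3), "Stack-based buffer overflow in the image parser"),
    (date(2012, 3, 21), "Use-after-free in the DOM implementation"),
    (date(2012, 5, 7), "Integer overflow leads to heap-based buffer overflow"),
    (date(2012, 6, 15), "Buffer overflow in the login daemon"),
    (date(2012, 6, 30), "Improper access control in the admin panel"),
]

if __name__ == "__main__":
    for (start, category), n in sorted(count_per_period(SAMPLE, months=3).items()):
        print(start, category, n)
```

The fourth sample shows the cost of first-match ordering: a description mentioning both an integer overflow and a heap-based overflow is counted as heap only, because heap precedes integer in the list.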
The source code for this project is open source. Feel free to do with it what you want, but remember, if it breaks something, you get to keep both halves. If you want to know more about memory errors in general, have a look at our paper Memory Errors: The Past, the Present, and the Future.