Programmers often copy code from one program to another. Unfortunately when patches to buggy code are not propagated to all code clones, this leaves one or more programs still vulnerable. To study how widespread the problem of unpatched code clone truly is and to provide a tool that can help developers fight against it, we developed ReDeBug, a system to quickly find unpatched code clones in code bases at the scale of entire OS distributions.

Using ReDeBug, we examined over 2.1 billion lines of code from all packages in Debian Lenny/Squeeze, Ubuntu Maverick/Oneiric, all C and C++ projects in SourceForge, and also the Linux kernel. ReDeBug identified 15,546 unpatched copies of known vulnerable code, and sample unpatched code clones identified in our datasets are available:

Debian Squeeze (Nov 2011)
Ubuntu Oneiric (Nov 2011)
Debian Lenny (Jan 2011)
Ubuntu Maverick (Mar 2011)
SourceForge (Mar 2011)

Some unpatched code clones may not be vulnerable when the identified code is used in non-exploitable environments.
Please refer to our research paper and article for technical details.

ReDeBug: Finding Unpatched Code Clones

By submitting your source code (as a tarball), you can check if your code has the below CVE vulnerabilities. If a match is found, a report showing both the original buggy code and unpatched code clones found in the submitted code is presented.

CVE-2012-1173 CVE-2011-4170 CVE-2011-4029 CVE-2011-4028 CVE-2011-3848 CVE-2011-3635 CVE-2011-3605 CVE-2011-3604 CVE-2011-3603 CVE-2011-3602 CVE-2011-3601 CVE-2011-3368 CVE-2011-3365 CVE-2011-3362 CVE-2011-3348 CVE-2011-3200 CVE-2011-3192 CVE-2011-3149 CVE-2011-3148 CVE-2011-3145 CVE-2011-3048 CVE-2011-3045 CVE-2011-2964 CVE-2011-2724 CVE-2011-2696 CVE-2011-2694 CVE-2011-2692 CVE-2011-2690 CVE-2011-2522 CVE-2011-2511 CVE-2011-2501 CVE-2011-2200 CVE-2011-2178 CVE-2011-2161 CVE-2011-1929 CVE-2011-1834 CVE-2011-1832 CVE-2011-1831 CVE-2011-1782 CVE-2011-1764 CVE-2011-1678 CVE-2011-1595 CVE-2011-1487 CVE-2011-1471 CVE-2011-1470 CVE-2011-1469 CVE-2011-1467 CVE-2011-1464 CVE-2011-1407 CVE-2011-1196 CVE-2011-1168 CVE-2011-1167 CVE-2011-1155 CVE-2011-1154 CVE-2011-1153 CVE-2011-1148 CVE-2011-1146 CVE-2011-1144 CVE-2011-1094 CVE-2011-1092 CVE-2011-1081 CVE-2011-1025 CVE-2011-1024 CVE-2011-0997 CVE-2011-0905 CVE-2011-0904 CVE-2011-0762 CVE-2011-0730 CVE-2011-0723 CVE-2011-0719 CVE-2011-0708 CVE-2011-0534 CVE-2011-0480 CVE-2011-0421 CVE-2011-0420 CVE-2011-0284 CVE-2011-0192 CVE-2011-0064 CVE-2011-0020 CVE-2011-0013 CVE-2011-0001 CVE-2010-4818 CVE-2010-4704 CVE-2010-4698 CVE-2010-4697 CVE-2010-4645 CVE-2010-4539 CVE-2010-4538 CVE-2010-4535 CVE-2010-4534 CVE-2010-4494 CVE-2010-4411 CVE-2010-4410 CVE-2010-4409 CVE-2010-4336 CVE-2010-4329 CVE-2010-4180 CVE-2010-4172 CVE-2010-4150 CVE-2010-4042 CVE-2010-3906 CVE-2010-3870 CVE-2010-3864 CVE-2010-3855 CVE-2010-3853 CVE-2010-3814 CVE-2010-3718 CVE-2010-3710 CVE-2010-3709 CVE-2010-3704 CVE-2010-3609 CVE-2010-3445 CVE-2010-3436 CVE-2010-3429 CVE-2010-3315 CVE-2010-3311 CVE-2010-3254 CVE-2010-3120 CVE-2010-3087 CVE-2010-3072 CVE-2010-3069 CVE-2010-3056 CVE-2010-3055 CVE-2010-3053 CVE-2010-2950 CVE-2010-2944 CVE-2010-2941 CVE-2010-2939 CVE-2010-2900 CVE-2010-2808 CVE-2010-2807 CVE-2010-2806 CVE-2010-2799 CVE-2010-2784 CVE-2010-2761 CVE-2010-2651 CVE-2010-2646 CVE-2010-2630 CVE-2010-2597 CVE-2010-2595 CVE-2010-2546 CVE-2010-2542 CVE-2010-2541 CVE-2010-2531 CVE-2010-2526 CVE-2010-2520 CVE-2010-2487 CVE-2010-2483 CVE-2010-2482 CVE-2010-2448 CVE-2010-2431 CVE-2010-2249 CVE-2010-2244 CVE-2010-2225 CVE-2010-2192 CVE-2010-2063 CVE-2010-1917 CVE-2010-1869 CVE-2010-1824 CVE-2010-1666 CVE-2010-1646 CVE-2010-1623 CVE-2010-1411 CVE-2010-1205 CVE-2010-1128 CVE-2010-0828 CVE-2010-0743 CVE-2010-0734 CVE-2010-0669 CVE-2010-0629 CVE-2010-0547 CVE-2010-0542 CVE-2010-0540 CVE-2010-0436 CVE-2010-0421 CVE-2010-0409 CVE-2010-0408 CVE-2010-0407 CVE-2010-0405 CVE-2010-0404 CVE-2010-0403 CVE-2010-0397 CVE-2010-0394 CVE-2010-0393 CVE-2010-0309 CVE-2010-0308 CVE-2010-0300 CVE-2010-0212 CVE-2010-0211 CVE-2010-0205 CVE-2010-0012 CVE-2010-0001 CVE-2009-5022 CVE-2009-4924 CVE-2009-4897 CVE-2009-4896 CVE-2009-4565 CVE-2009-4270 CVE-2009-4143 CVE-2009-4142 CVE-2009-4031 CVE-2009-4016 CVE-2009-4012 CVE-2009-3995 CVE-2009-3767 CVE-2009-3720 CVE-2009-3700 CVE-2009-3638 CVE-2009-3627 CVE-2009-3615 CVE-2009-3609 CVE-2009-3608 CVE-2009-3606 CVE-2009-3604 CVE-2009-3603 CVE-2009-3563 CVE-2009-3560 CVE-2009-3553 CVE-2009-3490 CVE-2009-3379 CVE-2009-3304 CVE-2009-3292 CVE-2009-3291 CVE-2009-3290 CVE-2009-3094 CVE-2009-2957 CVE-2009-2948 CVE-2009-2906 CVE-2009-2855 CVE-2009-2813 CVE-2009-2702 CVE-2009-2700 CVE-2009-2694 CVE-2009-2687 CVE-2009-2663 CVE-2009-2626 CVE-2009-2625 CVE-2009-2624 CVE-2009-2347 CVE-2009-2287 CVE-2009-2285 CVE-2009-2281 CVE-2009-2042 CVE-2009-1904 CVE-2009-1891 CVE-2009-1890 CVE-2009-1888 CVE-2009-1886 CVE-2009-1791 CVE-2009-1788 CVE-2009-1760 CVE-2009-1759 CVE-2009-1725 CVE-2009-1713 CVE-2009-1712 CVE-2009-1711 CVE-2009-1699 CVE-2009-1698 CVE-2009-1687 CVE-2009-1629 CVE-2009-1482 CVE-2009-1376 CVE-2009-1375 CVE-2009-1373 CVE-2009-1299 CVE-2009-1271 CVE-2009-1252 CVE-2009-1195 CVE-2009-1194 CVE-2009-1188 CVE-2009-1183 CVE-2009-1182 CVE-2009-1181 CVE-2009-1180 CVE-2009-1179 CVE-2009-1151 CVE-2009-1150 CVE-2009-0949 CVE-2009-0946 CVE-2009-0945 CVE-2009-0858 CVE-2009-0843 CVE-2009-0842 CVE-2009-0841 CVE-2009-0840 CVE-2009-0839 CVE-2009-0800 CVE-2009-0799 CVE-2009-0793 CVE-2009-0792 CVE-2009-0758 CVE-2009-0754 CVE-2009-0689 CVE-2009-0642 CVE-2009-0583 CVE-2009-0312 CVE-2009-0260 CVE-2009-0240 CVE-2009-0196 CVE-2009-0186 CVE-2009-0166 CVE-2009-0165 CVE-2009-0163 CVE-2009-0159 CVE-2009-0147 CVE-2009-0146 CVE-2009-0040 CVE-2009-0021 CVE-2008-7252 CVE-2008-6679 CVE-2008-6079 CVE-2008-5907 CVE-2008-5183 CVE-2008-5081 CVE-2008-4866 CVE-2008-4686 CVE-2008-4610 CVE-2008-3933 CVE-2008-3827 CVE-2008-3732 CVE-2008-3659 CVE-2008-3658 CVE-2008-3641 CVE-2008-3640 CVE-2008-3639 CVE-2008-3522 CVE-2008-3230 CVE-2008-2939 CVE-2008-2829 CVE-2008-2327 CVE-2008-1423 CVE-2008-1420 CVE-2008-1419 CVE-2008-0928 CVE-2008-0629 CVE-2008-0073 CVE-2007-6725 CVE-2007-5137 CVE-2007-5049 CVE-2007-4974 CVE-2007-3387 CVE-2007-2893 CVE-2007-2721 CVE-2007-1742 CVE-2007-1366 CVE-2007-1322 CVE-2007-1321 CVE-2006-3465 CVE-2006-3459 CVE-2001-1228

Please upload a tar file. (maximum upload size: 10 MB)
Source Code

ReDeBug source code is available at here.