Qualifier Challenge - CROMU_00040

Original Versions

Known Vulnerabilities

  • CWE-193 - Off-by-one Error
  • CWE-476 - NULL Pointer Dereference
  • CWEs are listed as indicated by the challenge author.


  • ForAllSecure: 2.33
  • Lekkertech: 2.33
  • DeepRed: 2.33
  • CodeJitsu: 1.32
  • Disekt: 0.11
  • TrailofBits: 0.11
  • TECHx: 0.0
  • Shellphish: 0.0
  • CSDS: 0.0
  • FuzzBOMB: 0.0
  • The maximum score for each challenge in CQE is 4, following the CQE Scoring Document.

Passed consensus evaluation

  • CodeJitsu - CB1

Proved a POV in reference challenge

Defense against reference POVs

  • CodeJitsu: 100.0% - CB1
  • Disekt: 33.3% - CB1
  • ForAllSecure: 33.3% - CB1
  • Lekkertech: 33.3% - CB1
  • TECHx: 33.3% - CB1
  • TrailofBits: 33.3% - CB1
  • DeepRed: 33.3% - CB1

No submission

  • Eighth Place Team
  • Eleventh Place Team
  • Fifth Place Team - Finalist
  • First Place Team - Finalist
  • Fourth Place Team - Finalist
  • Ninth Place Team
  • Second Place Team - Finalist
  • Seventh Place Team - Finalist
  • Sixth Place Team - Finalist
  • Tenth Place Team
  • Third Place Team - Finalist
  • Thirteenth Place Team
  • Twelfth Place Team

All Submissions

Author Information

Steve Wood swood@cromulence.co

DARPA performer group



The program is an application to collect food recipes and allow for searching for wanted recipes by title and ingredient. Individual recipes can be tagged for later printing. In addition, the ingredients from recipes that have been tagged can be combined into a sorted shopping list.

Feature List

New recipes can't be added. Recipes can also be searched for by keyword including the use of wildcards that search the recipe title and ingredient list. For example, all recipes that use artichoke hearts could be found and tagged. A list of tagged recipes can be printed to STDOUT to create a menu for a dinner and finally a shopping list of the ingredients used in tagged recipes can be printed.


The vulnerability occurs in the way that recipes are captured and later displayed. If the entry of ingredients is terminated without enterying any ingredient, the recipe is invalid and is deleted. However, entering a recipe with no step by step instructions is allowed. When being searched for and displayed for tagging, the program properly checks for the instructions to be a valid list. However, when subsequently printing a tagged list of recipes, this check is not performed and a zero pointer dereference occurs causing a SEGFAULT.

The second vulnerability is an off by one error due to invalid validation of a length.

The third vulnerabilility exists in the traversing of the book structures without ensureing that the pointer is non-null.

Generic class of vulnerability

Off by one overwrite NULL Pointer Dereference.

CWE classification

CWE-476 -- Null dref CWE-193 - Off by one error


This vulnerability requires two steps to demonstrate it crashing the program. First a recipe has to be entered with no step by step instructions, then the recipe has to be searched and tagged. Finally, it must be displayed as part of the tagged list.

Curated by Lunge Technology, LLC. Questions or comments? Send us email