Qualifier Challenge - KPRCA_00020

Original Versions

Known Vulnerabilities

  • CWE-125 - Out-of-bounds Read
  • CWEs are listed as indicated by the challenge author.


  • Disekt: 3.29
  • Lekkertech: 2.67
  • ForAllSecure: 2.33
  • Shellphish: 2.33
  • CodeJitsu: 1.49
  • CSDS: 1.42
  • TECHx: 0.0
  • FuzzBOMB: 0.0
  • TrailofBits: 0.0
  • DeepRed: 0.0
  • The maximum score for each challenge in CQE is 4, following the CQE Scoring Document.

Passed consensus evaluation

Proved a POV in reference challenge

Defense against reference POVs

  • CodeJitsu: 100.0% - CB1
  • Disekt: 100.0% - CB1
  • CSDS: 100.0% - CB1
  • TrailofBits: 100.0% - CB1
  • Lekkertech: 66.7% - CB1
  • TECHx: 66.7% - CB1
  • ForAllSecure: 33.3% - CB1
  • Shellphish: 33.3% - CB1

No submission

  • Eighth Place Team
  • Eleventh Place Team
  • Fifth Place Team - Finalist
  • First Place Team - Finalist
  • Fourth Place Team - Finalist
  • Ninth Place Team
  • Second Place Team - Finalist
  • Seventh Place Team - Finalist
  • Sixth Place Team - Finalist
  • Tenth Place Team
  • Third Place Team - Finalist
  • Thirteenth Place Team
  • Twelfth Place Team

All Submissions

DARPA performer group

Kaprica Security (KPRCA)


This service implements a parser and pretty printer for a Type-Length-Value protocol known as ASL6. ASL6 is commonly used amongst retro online-chat enthusiasts who desire an easy to exchange basic information about themselves to eachother such as age,gender,or geographic location.

Feature List

This service simply reads a ASL6 element up to 32KB in size and pretty prints its contents back the the user. It is able to handle a variety of complex datetypes such as time and object identifiers.


This service's vulnerability lies in the print_oid function. This function parsers and prints the OID element type according to the format defined in the ASL6 protocol. The function both fails to do a required bounds check on the index into the array containing the OID data after it is updated and to correctly pass an upper bounds on a slice into the data to a corresponding helper function. These flaws in conjuction result in an out of bounds read.

Generic class of vulnerability

Out-of-bounds Read

CWE classification

CWE-125: Out-of-bounds Read


The challanges introducted to competitors in this service are a slightly complicated protocol which the competitors must adhere to in order to progress through the states of the servic, a variety of integrity checks inherent to the encoding scheme to which they also must adhere.

Curated by Lunge Technology, LLC. Questions or comments? Send us email