Qualifier Challenge - KPRCA_00049


Original Versions

Known Vulnerabilities

  • CWE-122 - Heap-based Buffer Overflow
  • CWE-674 - Uncontrolled Recursion
  • CWEs are listed as indicated by the challenge author.

Scores

  • ForAllSecure: 2.5
  • CodeJitsu: 0.31
  • CSDS: 0.05
  • TrailofBits: 0.01
  • DeepRed: 0.01
  • Disekt: 0.0
  • TECHx: 0.0
  • Shellphish: 0.0
  • FuzzBOMB: 0.0
  • The maximum score for each challenge in CQE is 4, following the CQE Scoring Document.

Passed consensus evaluation

  • CodeJitsu - CB1
  • DeepRed - CB1
  • Disekt - CB1
  • Shellphish - CB1

Proved a POV in reference challenge

Defense against reference POVs

  • CodeJitsu: 100.0% - CB1
  • Disekt: 100.0% - CB1
  • Shellphish: 100.0% - CB1
  • ForAllSecure: 50.0% - CB1
  • TECHx: 50.0% - CB1
  • CSDS: 50.0% - CB1
  • TrailofBits: 50.0% - CB1
  • DeepRed: 50.0% - CB1

No submission

  • Eighth Place Team
  • Eleventh Place Team
  • Fifth Place Team - Finalist
  • First Place Team - Finalist
  • Fourth Place Team - Finalist
  • Ninth Place Team
  • Second Place Team - Finalist
  • Seventh Place Team - Finalist
  • Sixth Place Team - Finalist
  • Tenth Place Team
  • Third Place Team - Finalist
  • Thirteenth Place Team
  • Twelfth Place Team

All Submissions

DARPA performer group

Kaprica Security (KPRCA)

Description:

This service implements a simple note taking program.

Feature List

The following commands are supported by the server.

  • new-note $NAME $CONTENT: Create a new note named $NAME and store $CONTENT in it.

  • append-note $NAME $CONTENT: If a note with name $NAME exists then append $CONTENT to its content.

  • delete-note $NAME: If a note with name $NAME exists then delete it.

  • get-note $NAME: If a note with name $NAME exists then return its contents.

In order to provide a responsive interface this service delays the running of both the delete and append actions until they are necessarily needed by the result of some other command. This cuts down on processing time and provides the user with a fluid and intuitive experience.

Vulnerability

The first vulnerability is a result of that when processing delayed actions the call stack grows with the order of delayed actions. It is therefore possible for an attacker to create a pathological usage case where number of delayed actions grows exceptionally large and the stack space is exhausted during runtime.

The second vulnerability is a result of that when appending to a note the amount that a note's data buffer is grown is a fixed ratio which can result in a heap overflow if the data being appended is larger than this ratio.

Generic class of vulnerability

  • Recursion
  • Excessive nested function calls
  • Overflow

CWE classification

  • CWE-122: Heap-based Buffer Overflow
  • CWE-674: Uncontrolled Recursion

Challenges

The challenge binary poses tests the following abilities of a system:

  • Ability to detect issues due to excessive stack space usage
  • Ability to construct control flows that result in excessive stack space usage

Curated by Lunge Technology, LLC. Questions or comments? Send us email