"Maxwell Koo" firstname.lastname@example.org
Narf Industries (NRFIN)
Eddy is your new favorite text editor! With an efficient binary command interface and advanced features such as regular expression searching, your productivity will skyrocket when compared to your experience with competing text editors.
This service is a text editor similar to the 'ed' utility.
The addressing for marks does not properly check to ensure that a mark location is valid, allowing for setting a mark to an arbitrary memory address which can be used to leak information.
In order to prove this vulnerability, a CRS will need to be able to identify the correct regions addressable by marks, understand the preconditions needed to invoke the mark command and connect the various commands together in order to leak data from the flag page.
The number command does not properly calculate the output buffer size when rendering lines with a 3 digit number. The output of this command is placed in a heap buffer prior to being transmitted.
In order to prove this vulnerability, a CRS will need to be able to identify heap buffers as well as identify the relationship between the insert/append commands and the length of the string placed in the output buffer. Several commands will need to be issued in order to trigger the overflow.
Curated by Lunge Technology, LLC. Questions or comments? Send us email