Qualifier Challenge - YAN01_00011

Original Versions

Known Vulnerabilities

  • CWE-125 - Out-of-bounds Read
    • CWEs are listed as indicated by the challenge author.

Scores

  • ForAllSecure: 1.65
  • CSDS: 0.57
  • CodeJitsu: 0.0
  • Disekt: 0.0
  • TECHx: 0.0
  • Shellphish: 0.0
  • FuzzBOMB: 0.0
  • TrailofBits: 0.0
  • DeepRed: 0.0
    • The maximum score for each challenge in CQE is 4, following the CQE Scoring Document.

Passed consensus evaluation

  • CodeJitsu - CB1
  • CSDS - CB1
  • DeepRed - CB1
  • Disekt - CB1
  • ForAllSecure - CB1
  • FuzzBOMB - CB1
  • Shellphish - CB1
  • TECHx - CB1
  • TrailofBits - CB1

Proved a POV in reference challenge

Defense against reference POVs

  • ForAllSecure: 100.0% - CB1
  • CodeJitsu: 100.0% - CB1
  • CSDS: 100.0% - CB1

No submission

  • Eighth Place Team
  • Eleventh Place Team
  • Fifth Place Team - Finalist
  • First Place Team - Finalist
  • Fourth Place Team - Finalist
  • Ninth Place Team
  • Second Place Team - Finalist
  • Seventh Place Team - Finalist
  • Sixth Place Team - Finalist
  • Tenth Place Team
  • Third Place Team - Finalist
  • Thirteenth Place Team
  • Twelfth Place Team

All Submissions

Author Information

Lok Yan Lok.Yan@us.af.mil

DARPA performer group

AFRL

Description:

This is a word completion game with 10 initial rounds and a final round. During each round, the user is given an occluded word. The user then needs to provide the full word in order to pass. Once the user completes 10 of these word completion tasks, they will be presented with a final word that must also be solved.

Vulnerability Class:

The vulnerability is an CWE-125: Out of Bounds Read on an array.

Additional Notes:

This CB is designed to help CRSes determine how well they handle dynamically generated data. That is the word completion list is created dynamically using a static list of words that are provided as part of the program itself.

Curated by Lunge Technology, LLC. Questions or comments? Send us email