Very Normal, Everything Is Fine V2

Challenge Information

Project: curl

Type: delta

Harnesses: 17

Vulnerabilities: 1


GitHubChallenge DownloadChallenge Diff

AFC Challenge Performance

Number of Unique Vulnerabilities Discovered: #

Number of Teams with Scoring PoVs: 1

Number of Teams with Scoring Patches: 2

Number of Teams with Scoring Bundles: 1


Total Points Scored for this Challenge: 14.936007413439302

What design decisions were considered for this challenge?

This is the second in a series of three bugs intended to observe competitors basic abilities. Like curl-005 before it, it is based on the custom “verynormalprotocol”, now enhanced with greater difficulty to reach the offending code.

Like curl-005, the bug will dereference a null pointer when a certain point is reached. Previously, a competitor only had to send one hardcoded server response to trigger the bug; this time, however, they will have to send four hardcoded responses.

Why this set of vulnerabilities?

curl-006, 007, and 008 are all evolutions of curl-005, intended to incrementally test competitors abilities with increasing difficulty. As such, they are all staged in their own challenges.

Delta vs Full and why?

All “verynormalprotocol” vulns are delta scan challenges.

Challenge Harnesses

  • curl_fuzzer_https
  • curl_fuzzer_ftp
  • curl_fuzzer_tftp
  • curl_fuzzer_rtsp
  • curl_fuzzer
  • curl_fuzzer_pop3
  • curl_fuzzer_ws
  • curl_fuzzer_gopher
  • curl_fuzzer_dict
  • curl_fuzzer_bufq
  • curl_fuzzer_smb
  • curl_fuzzer_mqtt
  • curl_fuzzer_smtp
  • curl_fuzzer_file
  • curl_fuzzer_imap
  • curl_fuzzer_http
  • fuzz_url

Challenge Vulnerabilities