Challenge Information
Project: mongoose
Type: full
Harnesses: 1
Vulnerabilities: 1
AFC Challenge Performance
Number of Unique Vulnerabilities Discovered: #
Number of Teams with Scoring PoVs: 5
Number of Teams with Scoring Patches: 3
Number of Teams with Scoring Bundles: 2
Total Points Scored for this Challenge: 41.62743820234595
What design decisions were considered for this challenge?
This challenge represents a developer making a small mistake in checking a range.
Why this set of vulnerabilities?
This vulnerability tests a CRS’s ability to find introduced range checking errors in logic.
Delta vs Full and why?
Full scan to test detection across the entire codebase.
Challenge Harnesses
- fuzz
Challenge Vulnerabilities
Double trouble stack-based buffer overflow
Vulnerability Information
Author: Dan
Harness: fuzz
CWE Classification: CWE-121, CWE-193
What functions and functionality are relevant?
mg_json_get() in mongoose.c and json.c.
Why is this vulnerable?
Two "double trouble" stack-based buffer overflows were introduced in a change that increases the number of nested JSON objects. The check that prevents the buffer overflow was incorrectly changed from >= to >, causing a CWE-193: Off-by-one Error that leads to a CWE-121: Stack-based Buffer Overflow. In addition to this incorrect change, the size of the stack buffer "nesting" was not increased to match the new MG_JSON_MAX_NESTING value, which also causes a CWE-121: Stack-based Buffer Overflow.
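To illustrate both defects, here is a minimal nesting-depth tracker written for this page; it is not mongoose's mg_json_get() code. It keeps the corrected >= bound check, ties the array size to the same constant with a compile-time assertion so the second defect cannot recur silently, and a helper shows why the > check admits the first out-of-range index. MAX_NESTING (8) and all function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
/* Assumed capacity for this example; mongoose's own constant is MG_JSON_MAX_NESTING. */
#define MAX_NESTING 8

typedef struct {
  char nesting[MAX_NESTING]; /* one opener ('{' or '[') per open level */
  size_t depth;              /* number of levels currently open */
} nest_t;

/* Guard for the second defect: the array size and the bound constant must stay in sync. */
_Static_assert(sizeof(((nest_t *) 0)->nesting) == MAX_NESTING, "nesting[] size mismatch");

/* Correct bound check: a write at depth == MAX_NESTING would land one past the end.
 * The buggy variant tested 'depth > MAX_NESTING' and let that write through. */
static bool nest_push(nest_t *n, char opener) {
  if (n->depth >= MAX_NESTING) return false;
  n->nesting[n->depth++] = opener;
  return true;
}

/* Pop one level, requiring the closer to match the most recent opener. */
static bool nest_pop(nest_t *n, char closer) {
  char expected = (closer == '}') ? '{' : '[';
  if (n->depth == 0 || n->nesting[n->depth - 1] != expected) return false;
  n->depth--;
  return true;
}

/* Walk a JSON-like string (string literals are not skipped, for brevity) and return
 * the deepest nesting reached, or -1 on overflow or mismatched brackets. */
int max_nesting_depth(const char *s) {
  nest_t n = {{0}, 0};
  size_t deepest = 0;
  for (; *s != '\0'; s++) {
    if (*s == '{' || *s == '[') {
      if (!nest_push(&n, *s)) return -1;
      if (n.depth > deepest) deepest = n.depth;
    } else if (*s == '}' || *s == ']') {
      if (!nest_pop(&n, *s)) return -1;
    }
  }
  return n.depth == 0 ? (int) deepest : -1;
}

/* Shows the off-by-one without performing the write: for the first out-of-range
 * index (== capacity), '>' admits it while '>=' correctly rejects it. */
bool off_by_one_check_admits_capacity_index(size_t capacity) {
  size_t index = capacity;
  return !(index > capacity) && (index >= capacity);
}
```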
Is this a replay and/or is it inspired by anything?
This is not a replay.
What makes it interesting?
This tests whether a CRS can detect subtly vulnerable code introduced by a developer during a typical code review scenario.
