HC's Capture the Flag website
25C3-CTF
Advisory #31
From team dameuse-pelteuse
New advisory by : het
Affected service(s): vdspi
Severity [lmh] : high
===== Problem =====
String length is not checked, for example:
  first, last, comment : String (1..1024);
then
  Ada.Text_IO.Get_Line (last, nl);
===== Impact =====
Possible buffer overflow
===== Fix =====
rewrite getline with length checks
Rating
[2] It's pretty hard to get all the automatic checks disabled, BTW.
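An added illustration of the "rewrite getline with length checks" fix, not code from the vdspi service or from the advisory. The procedure name Get_Line_Checked and the reject-on-overlong behaviour are assumptions; Get_Line, End_Of_Line and Skip_Line are the standard Ada.Text_IO calls.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Checked_Read is

   Max_Len : constant := 1024;  --  bound taken from the advisory's String (1..1024)

   --  Hypothetical helper: reads one line into Item and reports in Ok
   --  whether the whole line fitted. An overlong line is discarded up to
   --  its terminator so the excess is not returned by the next read.
   procedure Get_Line_Checked
     (Item : out String;
      Last : out Natural;
      Ok   : out Boolean) is
   begin
      Get_Line (Item, Last);        --  never stores more than Item'Length characters
      if Last < Item'Last then
         Ok := True;                --  terminator seen before the buffer filled
      else
         Ok := End_Of_Line;         --  buffer full: True only if the line ended here
         Skip_Line;                 --  consume the terminator or the overlong tail
      end if;
   end Get_Line_Checked;

   Name : String (1 .. Max_Len);
   Len  : Natural;
   Ok   : Boolean;

begin
   Get_Line_Checked (Name, Len, Ok);
   if Ok then
      --  Callers should use only the filled slice Name (1 .. Len),
      --  never Name as a whole.
      Put_Line ("accepted:" & Natural'Image (Len) & " characters");
   else
      Put_Line ("rejected: line longer than" & Integer'Image (Max_Len));
   end if;
exception
   when End_Error =>
      --  Raised when the input ends before a line terminator is read.
      Put_Line ("rejected: input ended before a complete line");
end Checked_Read;
```

Unless the checks are suppressed (for example with pragma Suppress), Ada's index and range checks raise Constraint_Error on an out-of-bounds access.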