Tag: out-of-bound (7)

CTF > Viettel Cyber Security > VCS Passport 2025

final pokemon player

Vulnerability: toc-tou race condition -> out-of-bound write; arbitrary function pointer -> stack buffer overflow using gets()

toc-tou race-condition sink-to-source return-address-overwrite return-oriented-programming stack-buffer-overflow out-of-bound
December 30, 2025 December 20, 2025 Medium
CTF > HeroCTF > HeroCTF v7

pwn - Identity

I added a protection layer in front of my database, it's safe now… right? Right??

Vulnerability: off-by-one out-of-bound write -> .bss buffer overflow

out-of-bound
December 24, 2025 November 29, 2025 Medium
CTF > DreamHack.io > Wargame

pwn - 721 - Santa claus is coming to town

산타 할아버지는 알고계신대. 누가 착한 앤지 나쁜 앤지 ...??? 어떻게??? 취약점을 찾아 셀을 획득한 후 flag 파일을 읽으세요. 플래그 형식은 DH{…} 입니다.

Vulnerability: arbitrary size allocation; out-of-bound write - improper index check

heap-buffer-overflow out-of-bound arbitrary-size-allocation hook-overwrite
December 23, 2025 December 18, 2025 Easy
CTF > HeroCTF > HeroCTF v7

pwn - Paf Traversal

Your mission is to audit a high-performance hash-cracking platform. It achieves its speed by combining a Go-based API server with...

Vulnerability: path traversal

path-traversal environment-variable go out-of-bound
December 22, 2025 November 29, 2025 Easy
CTF > CSCV > CSCV 2025 Jeopardy Final

pwn - HeapNote Revenge

I wrote another heap note app and I think it's safe this time. Can you prove me wrong and get...

Vulnerability: integer vulnerability - signed and unsigned conversion -> stack buffer overflow - improper length check

stack-buffer-overflow return-address-overwrite file-stream-oriented-programming bypass-stack-canary heap-buffer-overflow out-of-bound file-pointer integer-vulnerability
December 22, 2025 November 16, 2025 Medium
CTF > HackTheBox > HTB Cyber Apocalypse CTF 2025: Tales from Eldoria

pwn - Crossbow

Sir Alaric's legendary shot can pierce through any enemy! Join his training and hone your aim to match his unparalleled...

Vulnerability: out-of-bound write -> stack pivot

static-binary return-oriented-programming mprotect stack-pivoting out-of-bound shellcode stack-buffer-overflow
December 22, 2025 October 29, 2025 Easy
CTF > CSCV > CSCV 2025 Preliminary

pwn - sudokuS

Play the sudoku and get flag. Flag path at /flag.

Vulnerability: rwx permission

return-address-overwrite return-oriented-programming out-of-bound shellcode bypass-seccomp
December 22, 2025 October 25, 2025 Medium