So I found a buffer overflow when the application gets more than 4GB of input data. And then I realized that it’s a 32-bit application. Guess that means: not exploitable. 😭

There turned out to be more to it: going with less input data is possible. In fact, I *almost* managed to exploit the vulnerability, but the application inevitably runs out of memory in the process. Too bad, but the verdict is still: not exploitable.

@WPalant the conclusion is clear: we must go back to 8 bits for maximum security

@xerz Yes, it’s really hard to fit an exploit in 256 bytes of memory.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.