Repository contents, all added in commit "add poc" (2024-12-04 19:29:48 +01:00): .envrc, .gitignore, flake.lock, flake.nix, justfile, main, main.cpp, make_payload.py, payload.bin, README.md, schema.fbs, schema_generated.h

Proof of Concept for an Out-of-Bounds Access

The repository contains the following files:

  • main.cpp: A C++ program using the FlatBuffers bindings which, when compiled and run, can produce an access violation. It is intentionally kept minimal and accepts a single argument, verify or no-verify, selecting whether the buffer is verified before it is processed.
  • main: A precompiled build of main.cpp for x86-64-gnu-linux. The compilation instructions are noted in justfile.
  • make_payload.py: A small script that generates a payload triggering the out-of-bounds access in main.cpp.
  • payload.bin: A pre-generated payload, created with make_payload.py using its default arguments.

How to exploit

Run ./main no-verify, which processes the payload without verifying the buffer first. ./main verify takes the verification path described above instead.
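To show what the verify / no-verify switch is deciding, here is an added Python example (not the repository's own make_payload.py, main.cpp or schema). It hand-builds a FlatBuffers-style buffer with one table holding one string field, follows the offsets blindly the way generated accessors do, and runs a minimal bounds verifier of the kind flatbuffers::Verifier implements over two tampered variants: a string offset pointing far outside the buffer, and a string length claiming more bytes than exist. The layout, field, and tamper values are constructed for this example and do not correspond to schema.fbs or to the contents of payload.bin.

```python
import struct
from typing import Optional

# Hand-built FlatBuffers-style buffer with one table holding one string field.
# Constructed for this example; it is not the PoC's schema.fbs or the output of
# make_payload.py. Layout, all little-endian:
#    0  u32  root uoffset        -> table at 12
#    4  u16  vtable size (6)
#    6  u16  table inline size (8)
#    8  u16  field 0 offset inside the table (4)
#   10       2 bytes padding so the table is 4-byte aligned
#   12  i32  soffset: table_pos - vtable_pos = 8
#   16  u32  field 0: uoffset from 16 to the string object
#   20  u32  string length, then the bytes, a NUL, padding to 4
ROOT_POS = 12
FIELD0_POS = 16
STRING_POS = 20


def build_buffer(name: bytes, string_uoffset: Optional[int] = None,
                 string_length: Optional[int] = None) -> bytes:
    """Serialize the buffer above. The two overrides mimic a tampered payload:
    string_uoffset moves the string pointer, string_length lies about its size."""
    if string_uoffset is None:
        string_uoffset = STRING_POS - FIELD0_POS
    if string_length is None:
        string_length = len(name)
    buf = bytearray()
    buf += struct.pack("<I", ROOT_POS)
    buf += struct.pack("<HHH", 6, 8, 4)
    buf += b"\0\0"                              # pad table to 4-byte alignment
    buf += struct.pack("<i", ROOT_POS - 4)      # soffset back to the vtable
    buf += struct.pack("<I", string_uoffset)    # field 0
    buf += struct.pack("<I", string_length) + name + b"\0"
    while len(buf) % 4:
        buf += b"\0"
    return bytes(buf)


def _u32(buf, pos): return struct.unpack_from("<I", buf, pos)[0]
def _i32(buf, pos): return struct.unpack_from("<i", buf, pos)[0]
def _u16(buf, pos): return struct.unpack_from("<H", buf, pos)[0]


def unchecked_string_pos(buf: bytes) -> int:
    """Follow the offsets blindly, as generated accessors do without a prior
    Verify call. Returns the absolute position the string would be read from;
    nothing constrains it to lie inside the buffer."""
    table = _u32(buf, 0)
    vtable = table - _i32(buf, table)
    field = table + _u16(buf, vtable + 4)
    return field + _u32(buf, field)


def read_name_unchecked(buf: bytes) -> bytes:
    """The no-verify path. On the tampered buffers this reads past the end:
    a wild pointer dereference in C++, a struct.error or short slice here."""
    pos = unchecked_string_pos(buf)
    n = _u32(buf, pos)
    return bytes(buf[pos + 4:pos + 4 + n])


def verify(buf: bytes) -> bool:
    """Minimal bounds verifier in the spirit of flatbuffers::Verifier: every
    offset must land inside the buffer with room for the object it names, and
    objects must be aligned. Returns False instead of letting a read go OOB."""
    size = len(buf)

    def fits(pos: int, n: int) -> bool:
        return 0 <= pos and pos + n <= size

    if not fits(0, 4):
        return False
    table = _u32(buf, 0)
    if table % 4 or not fits(table, 4):
        return False
    vtable = table - _i32(buf, table)
    if vtable % 2 or not fits(vtable, 4):
        return False
    vt_size = _u16(buf, vtable)
    tbl_size = _u16(buf, vtable + 2)
    if vt_size < 4 or vt_size % 2 or not fits(vtable, vt_size) or not fits(table, tbl_size):
        return False
    if vt_size >= 6:                        # vtable has an entry for field 0
        field_off = _u16(buf, vtable + 4)
        if field_off:                       # 0 means "field absent"
            if field_off + 4 > tbl_size or not fits(table + field_off, 4):
                return False
            s = table + field_off + _u32(buf, table + field_off)
            if s % 4 or not fits(s, 4):
                return False
            n = _u32(buf, s)
            if not fits(s + 4, n + 1) or buf[s + 4 + n] != 0:
                return False
    return True


def process(buf: bytes, check_first: bool) -> Optional[bytes]:
    """Mirror of main.cpp's verify / no-verify switch: with check_first the
    tampered buffers are refused (None); without it the read goes out of bounds."""
    if check_first and not verify(buf):
        return None
    return read_name_unchecked(buf)
```

In the real library this job belongs to flatbuffers::Verifier, driven through the generated Verify...Buffer() function for the schema's root type. Generated accessors themselves perform none of these checks, which is the whole point of the PoC: a buffer from an untrusted source that has not been verified is just a set of attacker-chosen offsets, and the no-verify path dereferences them as written.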