Ctfer-io

Chall-manager

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-53634

  • EPSS 0.15%
  • Veröffentlicht 10.07.2025 19:39:57
  • Zuletzt bearbeitet 14.08.2025 20:41:40

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not ...

9.8

CVE-2025-53633

  • EPSS 0.1%
  • Veröffentlicht 10.07.2025 19:38:19
  • Zuletzt bearbeitet 14.08.2025 20:44:46

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation do...

9.1

CVE-2025-53632

  • EPSS 0.04%
  • Veröffentlicht 10.07.2025 19:36:47
  • Zuletzt bearbeitet 14.08.2025 20:49:48

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require a...