Skip to content

test(security): add poc for client dsop modifier-map out-of-bounds read#12

Draft
nbolton wants to merge 1 commit into
mainfrom
poc/mod-map-oob
Draft

test(security): add poc for client dsop modifier-map out-of-bounds read#12
nbolton wants to merge 1 commit into
mainfrom
poc/mod-map-oob

Conversation

@nbolton

@nbolton nbolton commented Jul 3, 2026

Copy link
Copy Markdown
Member

Master:

$ ./cve_XXXX_XXXXX_mod_map_oob.py
CVE-XXXX-XXXXX -- dsop modifier-map out-of-bounds read
malicious server on 127.0.0.1:24800, poison index 0xfbffff04
start a deskflow client (tls disabled) pointed at this address
[*] waiting for client
client connected from 127.0.0.1:54744, handshake complete
sent poisoned dsop, mapped shift modifier to out-of-range index
sent left-shift key down to trigger the translation
[FAIL] client dropped connection -- VULNERABLE (CVE-XXXX-XXXXX)

PR: deskflow/deskflow#9935

./cve_XXXX_XXXXX_mod_map_oob.py
CVE-XXXX-XXXXX -- dsop modifier-map out-of-bounds read
malicious server on 127.0.0.1:24800, poison index 0xfbffff04
start a deskflow client (tls disabled) pointed at this address
[*] waiting for client
client connected from 127.0.0.1:46692, handshake complete
sent poisoned dsop, mapped shift modifier to out-of-range index
sent left-shift key down to trigger the translation
[PASS] client survived -- index clamped, fix in place

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant