35 matches found
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633
CVE-2025-53633 affects Chall-Manager. The vulnerability arises when decoding a scenario (zip archive): the decoded content size is not checked, allowing potential zip-bomb decompression. Exploitation does not require authentication or authorization. A patch was implemented in commit 14042aa and s...
CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
CVE-2025-53632
CVE-2025-53632 affects Chall-Manager and describes a path traversal (zip slip) vulnerability during the decoding/extraction of a scenario archive. The root cause is that the target path for extracted files is not checked, enabling arbitrary file writes and potential impact on integrity and availa...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the scenario decoding process. An attacker can cause excessive resource consumption by submitting a specially crafted zip archive that decompresses to a very large size...
PT-2025-29154 · Unknown · Callmanager
Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager is susceptible to a zip bomb decompression issue when decoding scenario zip archives. The vulnerability does not require authentication or authorization for exploitation...
PT-2025-29155 · Unknown · Callmanager
Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager, a platform-agnostic system for starting Challenges on Demand, is susceptible to a Denial of Service DoS attack via a slow loris attack against its HTTP Gateway. The gateway lac...
PT-2025-29153 · Unknown · Callmanager
Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager is a platform-agnostic system designed to initiate challenges on demand. A zip slip condition exists when decoding scenarios zip archives due to a lack of path validation during...
Chall-Manager 安全漏洞
Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from a failure to check the size of the contents when decompressing a zip file, which could lead to a zip bomb decompression...
Chall-Manager 安全漏洞
Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from an unset timeout on the HTTP gateway, which could lead to a denial of service triggered by a slow loris attack...
Chall-Manager 路径遍历漏洞
Chall-Manager is an open source project from CTFer.io open source. A path traversal vulnerability exists in versions prior to Chall-Manager 0.1.4, which originates from unzipping a zip file without checking the path of the file, which may lead to arbitrary file overwriting...