Hello, during my research on this project, I noticed that opStack variable is not zero-initialized (https://github.com/jnz/q3vm/blob/master/src/vm/vm.c#L873). This can lead to the memory disclosure issue. Ideally, opStack should be zeroed on function entry.
Please see PoC and more details here:
https://github.com/TeamAustria/writeups/blob/main/2024-justctf/q3vm.md
https://enzo.run/posts/justctf2024/
Hello, during my research on this project, I noticed that
opStackvariable is not zero-initialized (https://github.com/jnz/q3vm/blob/master/src/vm/vm.c#L873). This can lead to the memory disclosure issue. Ideally,opStackshould be zeroed on function entry.Please see PoC and more details here:
https://github.com/TeamAustria/writeups/blob/main/2024-justctf/q3vm.md
https://enzo.run/posts/justctf2024/