Neutralizing Tofsee Spambot – Part 3 | Network-based kill switch

**Executive Summary:** The report details an unbounded-length vulnerability in the CRC32 hash routine used when parsing an InmemoryConfig resource in the Tofsee binary; by crafting a ResourceStructure packet with a manipulated 4-byte len field an attacker can trigger an out-of-bounds read that crashes the process.