Tag: from-day-zero-to-zero-day (3)
CVE Reproduction
Reproducing Nimbuspwn: Linux Privilege Escalation via Path Traversal and TOCTOU in networkd-dispatcher
A technical walkthrough of reproducing Nimbuspwn (CVE-2022-29799 and CVE-2022-29800), privilege escalation vulnerabilities in networkd-dispatcher exploiting path traversal and TOCTOU race...
Vulnerability: TOCTOU race condition; unsanitized path; improper check for symlink
path-traversal
toc-tou
race-condition
code-review
linux
privilege-escalation
from-day-zero-to-zero-day
d-bus
systemd-networkd
networkd-dispatcher
sink-to-source
cve-2022-29799
cve-2022-29800
December 22, 2025 • November 9, 2025 • Research
CVE Reproduction
Reproducing CVE-2020-8831: Privilege Escalation via Symlink Attack on Apport's Lock File Implementation
CVE-2020-8831 is a vulnerability where an attacker can create a symlink at /var/lock/apport, redirecting Apport's lock file location and leading...
Vulnerability: using hardcoded path without checking for symlink
symlink
lock-file
apport
cve-2020-8831
privilege-escalation
linux
from-day-zero-to-zero-day
code-review
December 22, 2025 • November 8, 2025 • Research
CVE Reproduction
Reproducing CVE-2022-0324: Buffer Overflow in dhcp6relay of SONiC
CVE-2022-0324 is a stack buffer overflow vulnerability in the memcpy function within the DHCPv6 relay server of the SONiC network...
Vulnerability: stack buffer overflow - improper length check in read()
stack-buffer-overflow
cve-2022-0324
from-day-zero-to-zero-day
dhcp6relay
SONiC
sink-to-source
code-review
December 22, 2025 • November 4, 2025 • Research