Tag: sink-to-source (3)

CTF > Viettel Cyber Security > VCS Passport 2025

final pokemon player

Vulnerability: toc-tou race condition -> out-of-bound write; arbitrary function pointer -> stack buffer overflow using gets()

toc-tou race-condition sink-to-source return-address-overwrite return-oriented-programming stack-buffer-overflow out-of-bound

December 30, 2025 • December 20, 2025 • Medium

CVE Reproduction

Reproducing Nimbuspwn: Linux Privilege Escalation via Path Traversal and TOCTOU in networkd-dispatcher

A technical walkthrough of reproducing Nimbuspwn (CVE-2022-29799 and CVE-2022-29800), privilege escalation vulnerabilities in networkd-dispatcher exploiting path traversal and TOCTOU race...

Vulnerability: toc-tou race condition; unsanitized path; improper check for symlink

path-traversal toc-tou race-condition code-review linux privilege-escalation from-day-zero-to-zero-day d-bus systemd-networkd networkd-dispatcher sink-to-source cve-2022-29799 cve-2022-29800

December 22, 2025 • November 9, 2025 • Research

CVE Reproduction

Reproducing CVE-2022-0324: Buffer Overflow in dhcp6relay of SONiC

CVE-2022-0324 is a stack buffer overflow vulnerability in the memcpy function within the DHCPv6 relay server of the SONiC network...

Vulnerability: stack buffer overflow - improper length check in read()

stack-buffer-overflow cve-2022-0324 from-day-zero-to-zero-day dhcp6relay SONiC sink-to-source code-review

December 22, 2025 • November 4, 2025 • Research