Tag: toc-tou (4)

CTF > Viettel Cyber Security > VCS Passport 2025

final pokemon player

Vulnerability: toc-tou race condition -> out-of-bound write; arbitrary function pointer -> stack buffer overflow using gets()

toc-tou race-condition sink-to-source return-address-overwrite return-oriented-programming stack-buffer-overflow out-of-bound

December 30, 2025 • December 20, 2025 • Medium

CTF > HeroCTF > HeroCTF v7

pwn - Story Contest

It’s time for you to tell your best story, and maybe you’ll be rewarded accordingly. Good luck !

Vulnerability: toc-tou race condition -> stack buffer overflow - improper length check in read()

return-address-overwrite toc-tou race-condition stack-buffer-overflow return-oriented-programming

December 24, 2025 • November 29, 2025 • Medium

CVE Reproduction

Reproducing Nimbuspwn: Linux Privilege Escalation via Path Traversal and TOCTOU in networkd-dispatcher

A technical walkthrough of reproducing Nimbuspwn (CVE-2022-29799 and CVE-2022-29800), privilege escalation vulnerabilities in networkd-dispatcher exploiting path traversal and TOCTOU race...

Vulnerability: toc-tou race condition; unsanitized path; improper check for symlink

path-traversal toc-tou race-condition code-review linux privilege-escalation from-day-zero-to-zero-day d-bus systemd-networkd networkd-dispatcher sink-to-source cve-2022-29799 cve-2022-29800

December 22, 2025 • November 9, 2025 • Research

CTF > PicoCTF > picoCTF 2023

pwn - tic-tac

Someone created a program to read text files; we think the program reads files with root privileges but apparently it...

Vulnerability: toc-tou race condition

race-condition toc-tou privilege-escalation

December 22, 2025 • October 9, 2025 • Hard