code-review
3OthersCVE-2025-53630 & CVE-2026-27940 > Heap-based buffer overflow via Integer overflow in llama.cpp GGUF parser
Không kiểm tra tràn số khi tính tổng kích thước cần cấp phát gây heap OOB read/write.
Linux Privilege EscalationNimbuspwn > Linux LPE via Path Traversal and TOCTOU in networkd-dispatcher
Nimbuspwn breaks the invariant that “networkd-dispatcher only executes trusted root-owned scripts from its own hooks directory,” which is violated when an attacker first escapes the hooks path via directory traversal and then swaps the checked script path between validation and execution via a TOCTOU race to get arbitrary code run as root.
OthersCVE-2022-0324 > Buffer Overflow in dhcp6relay of SONiC
CVE-2022-0324 breaks the invariant that SONiC’s dhcp6relay must validate DHCPv6 option/payload lengths so it never copies more bytes than the destination buffer can hold.The invariant is violated when a remote attacker sends a crafted DHCPv6 packet that reaches a memcpy with an unchecked length, causing an out-of-bounds write (buffer overflow).