n-day

5

Others: CVE-2025-53630 & CVE-2026-27940 > Heap-based buffer overflow via Integer overflow in llama.cpp GGUF parser

A missing integer-overflow check when computing the total size to allocate leads to heap OOB read/write.

March 29, 2026

Linux Privilege Escalation: CVE-2021-3156 > Exploiting heap-based buffer overflow in sudo for privilege escalation

Improper handling of escaped space leads to copying data past the null terminator, causing a buffer overflow on the heap.

March 19, 2026

Others: CVE-2019-13288 > XPDF Infinite recursion & Null pointer dereference

CVE-2019-13288 breaks Xpdf’s invariant that the “object stream” referenced by a compressed object must be an uncompressed stream, because the fetch path doesn’t enforce that rule and a crafted xref can make the supposed object stream itself compressed, causing unbounded recursive fetching and a crash.

December 22, 2025

Linux Privilege Escalation: Nimbuspwn > Linux LPE via Path Traversal and TOCTOU in networkd-dispatcher

Nimbuspwn breaks the invariant that “networkd-dispatcher only executes trusted root-owned scripts from its own hooks directory,” which is violated when an attacker first escapes the hooks path via directory traversal and then swaps the checked script path between validation and execution via a TOCTOU race to get arbitrary code run as root.

November 9, 2025

Others: CVE-2022-0324 > Buffer Overflow in dhcp6relay of SONiC

CVE-2022-0324 breaks the invariant that SONiC’s dhcp6relay must validate DHCPv6 option/payload lengths so it never copies more bytes than the destination buffer can hold. The invariant is violated when a remote attacker sends a crafted DHCPv6 packet that reaches a memcpy with an unchecked length, causing an out-of-bounds write (buffer overflow).

November 4, 2025