/CVE-Exploits

PoCs for public CVE's I have been working on.

Primary LanguageC

CVE Exploit PoCs

Some PoCs for public CVEs I have been working on.

Current exploits

  • CVE-2019-18634: Stack-based buffer overflow in sudo tgetpass.c when pwfeedback module is enabled
  • CVE-2021-3156: Heap-based buffer overflow in sudo sudoers.c when an argv ends with backslash character.
  • jad OOB write: JAD out-of-bounds write leading to code execution (No CVE given yet)