Research

• Tar Slip: Path Traversal in OTA Update Client CLI

  2025-12-01

  A deep dive into a path traversal bug I found in an OTA update system’s artifact extraction process. The vulnerability bypasses the staged validation security model, allowing arbitrary file writes during updates. Due to the vendor’s bug bounty program rules prohibiting public disclosure, I’ll refer to the product as “OTAHub” throughout this writeup.

  Table of Contents

  • Overview
  • Technical Background
    • What is OTAHub?
    • The OTAHub Artifact Format
    • OTAHub’s Staged Security Model
  • The Vulnerability Explained
    • Root Cause Analysis
    • Code Flow Breakdown
  • Exploitation
    • Creating the Malicious Artifact
    • Deployment and Verification
  • Impact Analysis
  • The Fix
  • Conclusion

  Overview

  I discovered a path traversal vulnerability in OTAHub’s update module that allows attackers to write arbitrary files anywhere on the target device’s filesystem during artifact extraction. The vulnerability bypasses OTAHub’s staged security model, which is designed to validate artifacts before they touch the production filesystem.

• CVE-2025-9074: Docker Desktop Container Escape Analysis

  2025-09-01

  Overview

  CVE-2025-9074 is a critical container escape vulnerability in Docker Desktop with a CVSS score of 9.3. The vulnerability allows containers to access the Docker Engine API without requiring sophisticated exploitation techniques or deep technical knowledge.

  The issue affects Docker Desktop installations on Windows systems that use WSL2 (Windows Subsystem for Linux 2) for container functionality. This includes Windows Server deployments and developer workstations. The vulnerability stems from a network configuration issue where containers can directly access the Docker Engine API at 192.168.65.7:2375.

• Analysis of CVE-2022–30781

  2025-04-10

  ---

  How Git Fetch Resulted in Critical Remote Code Execution in Gitea

  

  Good Morning, Everyone!

  In today’s post, I’ll dive into an analysis of CVE-2022–30781, a critical vulnerability found in the Gitea platform. This CVE allows attackers to execute remote code on the affected server, posing a significant security risk.

  Here’s what we’ll cover:

  1. Understanding How the CVE Works
  2. Writing Our Own Exploit
  3. How the Gitea Team Fixed It

  Let’s jump in and enjoy