cyberstan

  • Hunting Concurrency Bugs: How I Found a Race Condition in Python 3.12

    Hunting Concurrency Bugs: How I Found a Race Condition in Python 3.12

    A use-after-free in CPython’s perf_trampoline January 2026 · CPython Issue #143228 · Fix PR #143233 Summary This post describes a use-after-free in CPython’s perf_trampoline implementation, triggered when sys.deactivate_stack_trampoline() is called concurrently with active bytecode execution. The root cause is free_code_arenas, which munmaps executable memory pages without checking whether worker threads are currently executing code or…

  • Technical Write-up: SQL Injection in Django ORM CVE-2025-64459

    Technical Write-up: SQL Injection in Django ORM CVE-2025-64459

    SQL injection in the Django ORM (CVE-2025-64459) November 2025 · CVE-2025-64459 · Fixed in Django 5.2.8, 5.1.14, 4.2.26 Summary Django’s WhereNode.as_sql formatted the query connector (AND / OR) into the generated SQL via unchecked %s string interpolation. Because the connector value is attacker-reachable through the _connector key of a Q object — and because the…