Follow-up to last week's TeamSpeak bugs: the story behind the use-after-free (CVE-2026-4390).

Follow-up to last week's TeamSpeak bugs: the story behind the use-after-free (CVE-2026-4390). A race in the handshake, a dangling pointer across two hashmaps, and a server that logs "please do not hack me" before it crashes.
https://modzero.com/en/blog/please-do-not-hack-me/

Had some fun poking at the TeamSpeak 3 server. Three bugs in the handshake: UAF, heap overflow in ECC key parsing, and an assertion crash. Two pre-auth. Fixes are out.
https://modzero.com/en/advisories/mz-26-01-teamspeak/