Share
## https://sploitus.com/exploit?id=5BA1D41F-8859-5721-816A-1108576D7D16
# CVE-2026-31431 - AF_ALG AEAD Splice UAF PoC

Multi-language implementation and compatibility with older versions of Python.

## C (`exploit.c`)

```bash
gcc -o exploit exploit.c -O2
gcc -o exploit exploit.c -static -O2
./exploit
```

Tested on Ubuntu 20.04:

![C exploit](img/img.png)

## Python (`exploit-python3-8-10.py`)

Compatible with Python 3.8.10 and older. Compat notes:

- `os.splice()` requires 3.10+ โ€” uses `ctypes` to call libc `splice()` directly
- `setsockopt(..., None, 4)` raises `TypeError` on 3.8 โ€” uses integer form
- Payload stored as `zlib`-compressed hex

```bash
python3 exploit-python3-8-10.py
```

Tested on Ubuntu 20.04 / Python 3.8.10:

![Python exploit](img/img_1.png)

## Disclaimer

For authorized security research and testing only.