Share
## https://sploitus.com/exploit?id=AC829525-21FD-578C-AED2-FF1304EE20C7
# Copy-Fail CVE-2026-31431 Static Go PoC

This repository contains a Go port of the public Python proof of concept from
[`theori-io/copy-fail-CVE-2026-31431`](https://github.com/theori-io/copy-fail-CVE-2026-31431).

The program is Linux-only. It uses the Linux `AF_ALG` interface, AEAD control
messages, and `splice(2)` to preserve the behavior of the original PoC while
building as a small static Go binary.

## Supported Targets

Release builds are generated for:

- `linux/amd64`
- `linux/arm64`
- `linux/386`

macOS and Windows builds are intentionally not published because the PoC depends
on Linux-specific kernel interfaces.

## Download

Tagged releases publish compressed static binaries and a checksum manifest:

- `copy-fail-poc-linux-amd64.tar.gz`
- `copy-fail-poc-linux-arm64.tar.gz`
- `copy-fail-poc-linux-386.tar.gz`
- `SHA256SUMS`

Verify a downloaded artifact with:

```sh
sha256sum -c SHA256SUMS
```

## Build Locally

Requirements:

- Go 1.25 or newer
- Linux target support from the Go toolchain

Build the current host architecture:

```sh
CGO_ENABLED=0 go build -trimpath -ldflags='-s -w -buildid=' -o copy-fail-poc ./cmd/copy-fail-poc
```

Cross-build a Linux target:

```sh
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -trimpath -ldflags='-s -w -buildid=' -o copy-fail-poc-linux-amd64 ./cmd/copy-fail-poc
```

Run tests:

```sh
go test ./...
go vet ./...
```

The tests only cover non-destructive helper logic. They do not execute the PoC
trigger path.

## Usage

Run the binary on a Linux system that you own or are explicitly authorized to
test:

```sh
./copy-fail-poc
```

The behavior depends on the target kernel and local system configuration. The
binary does not guarantee successful exploitation on every Linux system.

## Release Process

The GitHub Actions workflow runs on tags matching `v*` and can also be started
manually from the Actions tab.

Create a release:

```sh
git tag v0.1.0
git push origin v0.1.0
```

For tag builds, the workflow creates a GitHub Release and uploads the Linux
artifacts plus `SHA256SUMS`. For manual runs, artifacts are available from the
workflow run.

## Security Notice

This project is provided for authorized security research, defensive validation,
and educational review only. Do not run it on systems you do not own or do not
have explicit permission to test. You are responsible for complying with all
applicable laws, contracts, and policies.

## Credits

- Original PoC: [`theori-io/copy-fail-CVE-2026-31431`](https://github.com/theori-io/copy-fail-CVE-2026-31431)