Introduction A few months ago, my mentor Eugene Lim challenged my teammate Kar Wei and I to find bugs in Accel-PPP, an open-source VPN server. While conducting a source code review on an unfamiliar software was a painstaking process, we successfully discovered three exploitable memory corruption vulnerabilities: CVE-2022–24704, CVE-2022–24705, and…
