CVE-2022-37706

Hello guys, I am new to cybersecurity, I found this interesting CVE [CVE-2022-37706](https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit), and I was analysing how it works these few days, but I could not understand where the quote marks " get removed for the /tmp/exploit to be executed!

>Now eina\_strbuf\_new() will just initialize the command that will be passed to
system, the problem here is that we entered it as:

>
>/bin/mount -o noexec,nosuid,utf8,nodev,iocharset=utf8,utf8=0,utf8=1,uid=$(id -u), "/dev/../tmp/;/tmp/exploit" /tmp///net

>
>But the binary calls eina\_strbuf\_append\_printf() for several times and …

cve cybersecurity