They exploited a linear stack buffer overflow. Not a write-what-where or arb write. A linear stack buffer overflow in 2026! There are at least two distinct failures there:

1. No strong stack protectors.

2. No kASLR.

That's 20-year-old exploit methodology.