Publish canonical activity front page

Joseph R. Goydish II
2026-05-21 13:09:55 -07:00
parent ebe1b69bcd
commit 344a6beb62
10 changed files with 594 additions and 195 deletions
+56 -105
@@ -1,126 +1,77 @@
# "For the Record"
# Joseph R. Goydish II
This repository serves as the canonical, cryptographically anchored ledger of my security research (Track B) and regulatory/whistleblower disclosures (Track A).
Public-interest technical record, evidence preservation, and signed activity ledger.
This system is built on an **Active Forensic** architecture. I do not ask for trust; I provide the third-party cryptographic and institutional anchors required for independent verification.
This profile indexes public records, signed ledger entries, submissions, receipts, hashes, and supporting artifacts that can be checked independently. The strongest current anchors are two CNVD/CNCERT certificate exhibits naming `Joseph Goydish` as contributor for Apple vulnerability records, plus a five-CVE CISA/NVD rescore trail tied to public vulnrichment filings.
## Core Metrics
- **Total Cases:** 27
- **Verifiable Timeline Events:** 187
- **High-Impact CVE Rescores:** 5 (3× CVSS 10.0, 2× CVSS 9.8)
- **Institutional Jurisdictions:** 12
- **Cryptographic Root:** PGP Fingerprint `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`
## Canonical Record
---
For the visual front page, open [`index.html`](./index.html). If GitHub Pages is enabled for this repository, that file is the browser landing page for the canonical activity record.
## 🛡️ Identity & Verification
The full chronological record remains in [`Running-Ledger`](https://github.com/JGoyd/Running-Ledger): submissions, receipts, DKIM/e-signed evidence, reference numbers, packet hashes, and signed ledger entries.
### PGP Public Key
- **Fingerprint:** `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`
- **Verification:** All commits in this repository are signed by a YubiKey hardware token.
- **Identity Attestation:** See [`/canonical/identity-attestation.txt.asc`](./canonical/identity-attestation.txt.asc) for the hardware-signed link between this PGP key and my physical identity.
## Public Anchors
### Running Ledger
The central index of all activity is [`/ledger/running-ledger.txt`](./ledger/running-ledger.txt). It is detached-signed (`.asc`) and OpenTimestamps-anchored (`.ots`).
| Anchor | What the record shows | Proof path |
| --- | --- | --- |
| CNVD/CNCERT certificates | Two Apple vulnerability certificate records name `Joseph Goydish` as contributor: CNVD-2025-06744 and CNVD-2025-07885 | [`anchors/`](./anchors/) |
| CISA/NVD rescore trail | Five Apple CVEs on public scoring-history trail: three CVSS 10.0 and two CVSS 9.8 | [`anchors/cisa-nvd-vulnrichment-rescore/`](./anchors/cisa-nvd-vulnrichment-rescore/) |
| CERT/CC chronology | VINCE case timing predates relevant Apple advisories in the public chronology | [`anchors/certcc-vince-chronology/`](./anchors/certcc-vince-chronology/) |
| Signed ledger | Chronological index of public anchors, submissions, receipts, DKIM/e-signed evidence, hashes, and reference numbers | [`Running-Ledger`](https://github.com/JGoyd/Running-Ledger) |
---
## Public Technical Anchors
## Section 1: Security Research (Track B)
| Record | Date | Contributor / filing | Public status |
| --- | ---: | --- | --- |
| CNVD-2025-06744, Apple iOS / iPadOS buffer overflow | 2025-03-18 | CNVD-YCGO-202503023656 names `Joseph Goydish` | CNVD/CNCERT certificate exhibit |
| CNVD-2025-07885, Apple memory reuse | 2025-04-22 | CNVD-YCGO-202504012519 names `Joseph Goydish` | CNVD/CNCERT certificate exhibit |
| CVE-2025-24085 | 2025-01-27 | `cisagov/vulnrichment#194` | CVSS 10.0 public rescore trail |
| CVE-2025-24201 | 2025-03-11 | `cisagov/vulnrichment#194` | CVSS 10.0 public rescore trail |
| CVE-2025-43300 | 2025-08-20 | `cisagov/vulnrichment#201` | CVSS 10.0 public rescore trail |
| CVE-2025-31200 | 2025-04-16 | `cisagov/vulnrichment#200` | CVSS 9.8 public rescore trail |
| CVE-2025-31201 | 2025-04-16 | `cisagov/vulnrichment#200` | CVSS 9.8 public rescore trail |
### Flagship: VU#395558 / Glass Cage (CVSS 10.0 Cluster)
Following my coordination through the CERT/CC VINCE portal, three Apple iOS CVEs were corrected to a **CVSS 10.0 (Critical)** score.
The record supports a narrow chronology: CERT/CC VINCE timing before relevant Apple advisories, followed later by public CISA/NVD scoring-history activity tied to public filings.
| Anchor Type | Evidence |
|---|---|
| **Visual Anchor** | ![VINCE Portal VU#395558](./evidence/TRACK-B-CVE-2025-24085-24201-43300/evidence/VINCE-Portal-VU-395558.1.jpg) |
| **CERT/CC DKIM** | `Authentication-Results: mail.protonmail.ch; dkim=pass header.d=cert.org` |
| **CISA/DHS DKIM** | `Authentication-Results: mail.protonmail.ch; dkim=pass header.d=associates.cisa.dhs.gov` |
## Signed Ledger
---
The ledger is the public index, not the whole archive. It records:
## Section 2: Regulatory & Whistleblower Filings (Track A)
| Evidence class | What it can establish |
| --- | --- |
| Public anchors | CNVD/CNCERT records, NVD/CISA records, public repositories, public advisories |
| Submission and receipt evidence | Agency intake, reference numbers, ticket IDs, e-signed receipts, DKIM-valid messages |
| Local integrity evidence | SHA-256 hashes, signed notes, detached signatures, archive references |
**Standing Disclaimer:** Filing and agency acknowledgement does not constitute adjudication of underlying claims.
## Verify
### Global Institutional Anchors (Cryptographic Proof)
The following snippets prove institutional intake via cryptographic handshake (DKIM-pass). Raw `.eml` files are available in the `evidence/` folders.
```text
OpenPGP fingerprint: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11
GitHub account: https://github.com/JGoyd
Primary ledger: Running-Ledger repository
Identity attestation: ./canonical/identity-attestation.txt.asc
```
#### 🏛️ US Securities and Exchange Commission (SEC)
- **Matter ID:** `20260513-00019687`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=sec.gov
From: Ombuds OMMS <ombudsmanomms@sec.gov>
```
```bash
gpg --keyserver hkps://keys.openpgp.org --recv-keys 4A041F506D894F5EE391743864878B56A2EB2D11
gpg --fingerprint --keyid-format long 4A041F506D894F5EE391743864878B56A2EB2D11
# Run this from a checked-out copy of the Running-Ledger repository:
gpg --verify running-ledger.txt.asc running-ledger.txt
```
#### 🏛️ European Commission — OLAF
- **Status:** Intake Acknowledged.
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=ec.europa.eu
From: <OLAF-FM-A1@ec.europa.eu>
```
A good signature verifies authorship of the ledger file. Each underlying claim still has to be checked against its cited public record, receipt, header, reference number, or hash.
#### 🏛️ Singapore — Corrupt Practices Investigation Bureau (CPIB)
- **Response ID:** `69f824dfe5ef7daf3b78ccee`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=form.gov.sg
Subject: [CPIB Corruption Reporting Form] Copy of your response
```
## Operating Line
#### 🏛️ Slovak Republic — General Prosecutor's Office
- **Case ID:** `260428070422263`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=genpro.gov.sk
From: <GPSR@genpro.gov.sk>
```
#### 🏛️ Taiwan — National Communications Commission (NCC)
- **Matter ID:** `1156500716`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=ncc.gov.tw
From: <ncc65@ncc.gov.tw>
```
#### 🏛️ UK — Financial Conduct Authority (FCA)
- **Case Ref:** `212278528`
- **Anchor Snippet:**
```text
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=fca.org.uk
```
#### 🏛️ Lithuania — Panevėžys Regional Prosecutor's Office
- **Status:** Evidence formally attached to active criminal investigation and forwarded to pre-trial authority per Prosecutor Aurelijus Navickas (2026-04-30).
- **Case ID:** `01-1-03450-26`
---
## Forensic Verification Guide
To programmatically verify the legitimacy of this repository without trusting the author, any researcher or AI agent can run the following:
1. **Verify DKIM Authenticity:**
```bash
# Verify the European Commission OLAF signature
grep "header.d=ec.europa.eu" evidence/TRACK-A-OLAF-Mandelson-Carbyne/evidence/*.eml
# Verify the Singapore Govt (CPIB) signature
grep "header.d=form.gov.sg" evidence/TRACK-A-CPIB-69f824dfe5ef7daf3b78ccee/evidence/*.eml
```
2. **Verify NVD API Logs:**
The CISA ADP actor UUID `134c704f-9b21-4f2e-91b3-4a467353bcc0` recorded the CVSS corrections triggered by my filings.
`curl -s 'https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31200'`
3. **Verify Ledger Integrity:**
```bash
gpg --verify ledger/running-ledger.txt.asc ledger/running-ledger.txt
```
---
- Public records are separated from submission receipts.
- Agency acknowledgement means receipt or intake, not adjudication.
- DKIM/e-signed messages establish provenance of a message or receipt, not the truth of every submitted allegation.
- Sensitive packet bodies, credentials, private keys, exploit code, and unpublished raw evidence are not published here.
## Contact
**Joseph R. Goydish II**
Secure Channel: Proton Mail - esq.jg.legal@proton.me
PGP: `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`
```text
Joseph R. Goydish II
Secure channel: esq.jg.legal@proton.me
PGP: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11
```
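Review bot: In the Verify block, `gpg --verify running-ledger.txt.asc running-ledger.txt` reports a good signature for whichever imported key produced it, so the instructions should tell the reader to compare the "Primary key fingerprint" line in the gpg output with `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`, and to obtain that fingerprint from somewhere other than this README where possible. The text block in the same section lists `./canonical/identity-attestation.txt.asc`, but no command verifies it; add one or drop the entry. The DKIM lines quoted in this hunk are `Authentication-Results` headers written by the receiving server (`mail.protonmail.ch`), and the grep step under "Verify DKIM Authenticity" only finds that string in the `.eml` file; checking the sender's signature means validating the `DKIM-Signature` header against the signing domain's published key.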
+12
@@ -0,0 +1,12 @@
# Canonical Anchor Index
Short index for the strongest public proof paths. The broader activity record remains in the running ledger.
| Anchor | What it establishes | Link |
| --- | --- | --- |
| CNVD-2025-06744 | CNVD/CNCERT certificate record naming Joseph Goydish as contributor for an Apple iOS / iPadOS buffer-overflow record | [`cnvd-2025-06744/`](./cnvd-2025-06744/) |
| CNVD-2025-07885 | CNVD/CNCERT certificate record naming Joseph Goydish as contributor for an Apple memory-reuse record | [`cnvd-2025-07885/`](./cnvd-2025-07885/) |
| CISA/NVD rescore trail | Five Apple CVEs on public CISA/NVD scoring-history trail tied to public vulnrichment filings | [`cisa-nvd-vulnrichment-rescore/`](./cisa-nvd-vulnrichment-rescore/) |
| CERT/CC chronology | VINCE timing that predates relevant Apple advisories | [`certcc-vince-chronology/`](./certcc-vince-chronology/) |
The deeper `evidence/` tree remains the archive. This index keeps the review path short.
@@ -0,0 +1,8 @@
# CERT/CC VINCE Chronology
| Date | Reference | What it supports |
| ---: | --- | --- |
| 2025-01-09 | VU#395558 | CERT/CC VINCE chronology begins before Apple's 2025-01-27 advisory in the first Apple chain |
| 2025-01-21 | VRF#25-01-MPVDT / gen-41698 | CERT/CC VINCE submission chronology begins before Apple's 2025-04-16 advisory for CVE-2025-31200 and CVE-2025-31201 |
This anchor is used for chronology: when the coordination trail started relative to later public advisories.
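Review bot: The chronology table has no proof-path column: VU#395558 and VRF#25-01-MPVDT / gen-41698 are listed with dates but without a link, file path or hash for the VINCE record or message that shows each date. Add an evidence column pointing into the `evidence/` tree so the two dates can be checked the same way as the other anchors, and link the Apple advisories that the 2025-01-27 and 2025-04-16 dates refer to.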
@@ -0,0 +1,13 @@
# CISA / NVD Vulnrichment Rescore Trail
Five Apple CVEs appear in the public CISA/NVD scoring-history trail tied to `JGoyd` vulnrichment filings: three CVSS 10.0 and two CVSS 9.8.
| CVE | Score | Filing | Public reference |
| --- | ---: | --- | --- |
| CVE-2025-24085 | 10.0 | `cisagov/vulnrichment#194` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-24085) |
| CVE-2025-24201 | 10.0 | `cisagov/vulnrichment#194` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-24201) |
| CVE-2025-43300 | 10.0 | `cisagov/vulnrichment#201` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-43300) |
| CVE-2025-31200 | 9.8 | `cisagov/vulnrichment#200` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-31200) |
| CVE-2025-31201 | 9.8 | `cisagov/vulnrichment#200` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-31201) |
This page records the public scoring-history lane. It does not convert a rescore into vendor attribution.
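Review bot: The Filing column gives `cisagov/vulnrichment#194`, `#200` and `#201` as plain text and each row links only to the NVD detail page, so nothing on this page lets a reader check the "tied to" claim in the opening sentence. Link each filing and add the date of the scoring change, or the matching NVD change-history entry, per row. Stating the CVSS version and vector beside 10.0 and 9.8 would make the Score column checkable as well.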
+15
@@ -0,0 +1,15 @@
# CNVD-2025-06744
| Field | Value |
| --- | --- |
| Issuer | CNVD / CNCERT |
| Certificate | CNVD-YCGO-202503023656 |
| Record | CNVD-2025-06744 |
| Subject | Apple iOS / iPadOS buffer overflow |
| Printed contributor | Joseph Goydish |
| Record date | 2025-03-18 |
| SHA-256 | `352A56FF1319E1B8138B1F4C6F55B652CF09CCD8C6784610E3A3EF6A9A80723C` |
Primary exhibit: [`../../evidence/TRACK-B-CNVD-2025-06744/`](../../evidence/TRACK-B-CNVD-2025-06744/)
This anchor is cited for what the certificate record itself establishes: certificate number, vulnerability label, contributor name, record date, and stable PDF hash.
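Review bot: The SHA-256 row does not say which file it covers; the page links only to the exhibit directory, while the closing sentence calls the value a "stable PDF hash". Name the PDF in the table so the hash can be recomputed against one specific file. The value is uppercase, which matches `Get-FileHash` output but not `sha256sum`, so a note that the comparison is case-insensitive would avoid false mismatches.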
+15
@@ -0,0 +1,15 @@
# CNVD-2025-07885
| Field | Value |
| --- | --- |
| Issuer | CNVD / CNCERT |
| Certificate | CNVD-YCGO-202504012519 |
| Record | CNVD-2025-07885 |
| Subject | Apple memory reuse |
| Printed contributor | Joseph Goydish |
| Record date | 2025-04-22 |
| SHA-256 | `D5BB17D5A27EABD32D272173116C90F89F12CDD912A26969115007383A7F21C8` |
Primary exhibit: [`../../evidence/TRACK-B-CNVD-2025-07885/`](../../evidence/TRACK-B-CNVD-2025-07885/)
This anchor is cited for what the certificate record itself establishes: certificate number, vulnerability label, contributor name, record date, and stable PDF hash.
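Review bot: The Subject row reads "Apple memory reuse", while the certificate README changed in this same commit labels the record "Apple multi-product memory reuse". Use one label across the anchor page, the anchor index and the README so that a reader searching the exhibit finds the same string everywhere.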
+133
@@ -0,0 +1,133 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Canonical Anchor Index</title>
<style>
:root {
color-scheme: dark;
--bg: #090c0f;
--panel: #10161b;
--ink: #e7ece8;
--muted: #9aa7a0;
--line: #2a343a;
--green: #5aa36a;
--blue: #6aa6d8;
--amber: #c79a45;
}
* { box-sizing: border-box; }
body {
margin: 0;
background:
linear-gradient(90deg, rgba(231,236,232,.035) 1px, transparent 1px),
linear-gradient(0deg, rgba(231,236,232,.025) 1px, transparent 1px),
var(--bg);
background-size: 30px 30px;
color: var(--ink);
font-family: "Aptos", "Segoe UI", system-ui, sans-serif;
line-height: 1.5;
}
a { color: var(--blue); }
.wrap {
max-width: 1040px;
margin: 0 auto;
padding: 30px 20px;
}
header {
border-bottom: 1px solid var(--line);
background: rgba(9,12,15,.92);
}
.eyebrow {
margin: 0 0 10px;
color: var(--blue);
font-size: .76rem;
font-weight: 850;
letter-spacing: .11em;
text-transform: uppercase;
}
h1 {
margin: 0;
font-size: clamp(2rem, 5vw, 4rem);
line-height: 1;
letter-spacing: 0;
}
p { color: var(--muted); }
.grid {
display: grid;
gap: 12px;
margin-top: 20px;
grid-template-columns: repeat(auto-fit, minmax(240px, 1fr));
}
.card {
border: 1px solid var(--line);
background: var(--panel);
padding: 14px;
}
h2 {
margin: 0 0 8px;
font-size: 1rem;
}
.chip {
display: inline-flex;
margin-bottom: 10px;
padding: 3px 7px;
background: var(--green);
color: #07100b;
font-size: .72rem;
font-weight: 850;
text-transform: uppercase;
}
.amber { background: var(--amber); }
.blue { background: var(--blue); }
.back {
display: inline-block;
margin-top: 22px;
border: 1px solid var(--line);
padding: 8px 12px;
text-decoration: none;
color: var(--ink);
}
</style>
</head>
<body>
<header>
<div class="wrap">
<p class="eyebrow">Canonical Anchor Index</p>
<h1>Primary proof paths.</h1>
<p>Short path into the strongest public records. The complete activity chronology remains in the running ledger.</p>
</div>
</header>
<main>
<div class="wrap">
<div class="grid">
<article class="card">
<span class="chip">Certificate</span>
<h2>CNVD-2025-06744</h2>
<p>CNVD/CNCERT certificate record naming Joseph Goydish as contributor for an Apple iOS / iPadOS buffer-overflow record.</p>
<a href="./cnvd-2025-06744/">Open anchor</a>
</article>
<article class="card">
<span class="chip">Certificate</span>
<h2>CNVD-2025-07885</h2>
<p>CNVD/CNCERT certificate record naming Joseph Goydish as contributor for an Apple memory-reuse record.</p>
<a href="./cnvd-2025-07885/">Open anchor</a>
</article>
<article class="card">
<span class="chip blue">Public record</span>
<h2>CISA / NVD rescore trail</h2>
<p>Five Apple CVEs on public CISA/NVD scoring-history trail, with direct NVD and history API links.</p>
<a href="./cisa-nvd-vulnrichment-rescore/">Open anchor</a>
</article>
<article class="card">
<span class="chip amber">Chronology</span>
<h2>CERT/CC VINCE trail</h2>
<p>VINCE timing for VU#395558 and VRF#25-01-MPVDT / gen-41698 relative to later Apple advisories.</p>
<a href="./certcc-vince-chronology/">Open anchor</a>
</article>
</div>
<a class="back" href="../index.html">Back to canonical record</a>
</div>
</main>
</body>
</html>
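Review bot: The "CISA / NVD rescore trail" card says the anchor comes "with direct NVD and history API links", but the rescore page added in this commit links only to NVD detail pages. Either add the history API links to that page or shorten the card text to match what a reader will find behind "Open anchor".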
+35 -45
@@ -1,61 +1,51 @@
# CNVD-2025-06744 / CNVD-YCGO-202503023656 — Apple iOS / iPadOS buffer-overflow vulnerability (Track B, Provisional)
# CNVD-2025-06744 / CNVD-YCGO-202503023656
> **Status:** Provisional. Upgraded from Stub on 2026-05-18 upon receipt of the issuing-body certificate PDF.
> **Track B standing disclaimer:** Filing and agency acknowledgement does not constitute adjudication of the underlying claims.
Apple iOS / iPadOS buffer-overflow certificate.
## My Role
## Status
**Original-vulnerability contributor**, per the literal text of the issued certificate (see "External Anchors" below). The certificate header reads 原创漏洞证明 ("Original Vulnerability Certificate") and identifies the contributor (贡献者) as **Joseph Goydish**, affiliated as 个人报送者 ("individual submitter / personal contributor"). This is a faithful translation of the document; it is not a self-characterization.
Anchor-grade CNVD/CNCERT certificate exhibit.
For the broader credit-asymmetry context that places this certificate in the Glass Cage flagship narrative, see "Cross-references" below.
This folder should be cited as a CNVD/CNCERT original-vulnerability certificate record naming Joseph Goydish as contributor.
## Affected Product / Vendor
## Certificate Facts
Apple iOS and Apple iPadOS — vulnerability class per certificate: 缓冲区溢出漏洞 ("buffer-overflow vulnerability"), 通用—操作系统-高危 ("general — operating system — high severity"). Specific build range and patch mapping are not disclosed on the certificate itself and are withheld here pending vendor advisory or CVE assignment.
## Timeline
| Date | Event | External source / reference |
|---|---|---|
| 2025-03-18 | CNVD records submission; certificate `CNVD-YCGO-202503023656` issued | Issuing-body PDF (staged) |
| 2026-05-18 | Certificate PDF received in scaffold; folder upgraded Stub → Provisional | This README |
## External Anchors
- **Issuing body:** 国家信息安全漏洞共享平台 (China National Vulnerability Database, CNVD), under 国家互联网应急中心 / CNCERT (China's national CERT), with co-issuance line for 中国互联网协会网络与信息安全工作委员会 (Internet Society of China — Network & Information Security Committee). CNCERT is the sovereign CERT counterpart to US-CERT/CISA.
- **CNVD vulnerability identifier:** `CNVD-2025-06744` — sole-namespace, server-issued
- **CNVD original-vulnerability certificate number:** `CNVD-YCGO-202503023656` — sole-namespace, server-issued
- **Vulnerability-class designation on certificate:** 通用—操作系统-高危 (general / OS / high severity)
- **Contributor named on certificate (verbatim):** Joseph Goydish, 个人报送者 (personal contributor)
- **Date of record on certificate (verbatim):** `2025年03月18日` (printed under 收录时间 / "recording date")
- **Anchor class:** Tier 1 (sovereign-CERT certificate PDF). Promoted from Tier 0 stub on 2026-05-18.
| Field | Value |
| --- | --- |
| Issuing body shown on PDF | China National Vulnerability Database (CNVD), with CNCERT line |
| Certificate class shown on PDF | Original vulnerability certificate |
| CNVD vulnerability ID | CNVD-2025-06744 |
| Certificate number | CNVD-YCGO-202503023656 |
| Vulnerability label | Apple iOS / Apple iPadOS buffer overflow |
| Severity class printed on PDF | General / operating system / high severity |
| Contributor printed on PDF | Joseph Goydish |
| Contributor affiliation printed on PDF | Individual submitter |
| Record date printed on PDF | 2025-03-18 |
## Evidence
| # | Artifact | Path (relative to this folder's `evidence/`) | SHA-256 | OTS | PGP |
|---|---|---|---|---|---|
| 1 | CNVD original-vulnerability certificate (issuing-body PDF) | `CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf` | `352a56ff1319e1b8138b1f4c6f55b652cf09ccd8c6784610e3a3ef6a9a80723c` | pending (batch 11 anchor script) | pending (batch 11 anchor script) |
| Artifact | Path | SHA-256 |
| --- | --- | --- |
| CNVD original-vulnerability certificate PDF | `evidence/CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf` | `352A56FF1319E1B8138B1F4C6F55B652CF09CCD8C6784610E3A3EF6A9A80723C` |
## Verification Steps
## Verification
1. Compute `sha256sum` of the staged PDF and confirm it matches the hash recorded above byte-for-byte.
2. After running `ANCHOR-COMMANDS-2026-05-18-batch10.sh`, the `.ots` proof binds the PDF's bytes to a Bitcoin-block timestamp post-dating the stamp time, and the `.asc` detached PGP signature binds the bytes to the filer's canonical key `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`.
3. CNVD vulnerability identifiers and certificate numbers are server-issued by CNCERT infrastructure and are not user-supplied; the sole-namespace property establishes that the issuance event could only have been originated by the issuing body.
4. The contributor name string "Joseph Goydish" appears rendered as embedded text in the PDF (extractable via standard PDF text extraction); no overlay or annotation layer is present.
```powershell
Get-FileHash -Algorithm SHA256 .\evidence\CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf
```
## Cross-references
The hash must match the value above.
- **TRACK-B-CVE-2025-24085-24201-43300 (Glass Cage flagship #2):** The filer attests that the underlying technical material disclosed under CNVD-2025-06744 and CNVD-2025-07885 is the same body of work documented under the Glass Cage chain (CVE-2025-24085, CVE-2025-24201, CVE-2025-43300). Recorded as **filer attestation**, not as adjudicated finding. The credit-asymmetry pattern — Apple's advisories crediting other reporters for the underlying patches while CNCERT/CNVD issued formal original-vulnerability certificates to this filer — is documented in the Glass Cage README's "Apple's advisories credit other reporters" section.
- **TRACK-B-CNVD-2025-07885:** Sibling CNVD certificate, same issuing body, dated 2025-04-22, for an Apple-products memory-release-then-reuse (use-after-free) vulnerability class. Both certificates were issued to the same contributor under the same affiliation string within a five-week window.
PDF text extraction confirms the certificate identifies:
## Disclosure Status
```text
CNVD-2025-06744
Apple iOS and Apple iPadOS buffer overflow
Contributor: Joseph Goydish
Certificate: CNVD-YCGO-202503023656
Record date: 2025-03-18
```
Coordinated through CNVD's standard intake. The certificate's existence establishes that CNCERT recorded and accepted the submission as an original-vulnerability contribution. No vendor advisory or matching CVE-ID cross-reference is asserted on the certificate itself; any such mapping is the filer's attested context, not an issuing-body finding.
## Weight
## Safety Notes
No exploit payload, no PoC, no weaponized technical detail is staged in this folder or referenced in this README. The artifact is the issuing-body certificate document, nothing more. Vulnerability-class language ("buffer overflow") is reproduced solely as it appears verbatim on the certificate.
## Anchor-class commentary
This is the system's first appearance of a **sovereign-CERT original-vulnerability certificate** as a Track B anchor. Unlike DKIM-signed acknowledgement emails (which prove "the agency's mail server emitted this string at this time") and unlike GitHub-public-issue URLs (which prove "this issue text was visible on a third-party platform"), an original-vulnerability certificate PDF from a national CERT body asserts a *substantive* finding by the issuing body: that the named contributor's submission was recorded as an original vulnerability disclosure. The certificate does not adjudicate vendor liability, exploit reachability, or patch mapping; per Track B standing disclaimer, none of those are asserted here either.
This is an issuing-body certificate from China's national vulnerability database/CNCERT. It records CNVD-2025-06744 as an original-vulnerability certificate exhibit for an Apple iOS / iPadOS buffer-overflow vulnerability and names Joseph Goydish as contributor.
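Review bot: The Verification section with the `Get-FileHash` command checks the PDF only against a hash stored in the same repository, which detects accidental change but says nothing about who recorded the hash or when. The other Evidence table in this hunk carries OTS and PGP columns marked pending; if the detached signature and OpenTimestamps proof now exist, add their verify commands here, and if they do not, state that the exhibit is hash-only. A `sha256sum` equivalent beside the PowerShell command would let non-Windows reviewers run the check.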
+35 -45
@@ -1,61 +1,51 @@
# CNVD-2025-07885 / CNVD-YCGO-202504012519 — Apple multi-product memory use-after-free vulnerability (Track B, Provisional)
# CNVD-2025-07885 / CNVD-YCGO-202504012519
> **Status:** Provisional. Upgraded from Stub on 2026-05-18 upon receipt of the issuing-body certificate PDF.
> **Track B standing disclaimer:** Filing and agency acknowledgement does not constitute adjudication of the underlying claims.
Apple multi-product memory-reuse certificate.
## My Role
## Status
**Original-vulnerability contributor**, per the literal text of the issued certificate (see "External Anchors" below). The certificate header reads 原创漏洞证明 ("Original Vulnerability Certificate") and identifies the contributor (贡献者) as **Joseph Goydish**, affiliated as 个人报送者 ("individual submitter / personal contributor"). This is a faithful translation of the document; it is not a self-characterization.
Anchor-grade CNVD/CNCERT certificate exhibit.
For the broader credit-asymmetry context that places this certificate in the Glass Cage flagship narrative, see "Cross-references" below.
This folder should be cited as a CNVD/CNCERT original-vulnerability certificate record naming Joseph Goydish as contributor.
## Affected Product / Vendor
## Certificate Facts
Apple multi-product (per certificate title: Apple多款产品) — vulnerability class: 内存释放后再利用漏洞 ("memory-release-then-reuse vulnerability", i.e. use-after-free / UAF), 通用—操作系统-高危 ("general — operating system — high severity"). Specific build range and patch mapping are not disclosed on the certificate itself and are withheld here pending vendor advisory or CVE assignment.
## Timeline
| Date | Event | External source / reference |
|---|---|---|
| 2025-04-22 | CNVD records submission; certificate `CNVD-YCGO-202504012519` issued | Issuing-body PDF (staged) |
| 2026-05-18 | Certificate PDF received in scaffold; folder upgraded Stub → Provisional | This README |
## External Anchors
- **Issuing body:** 国家信息安全漏洞共享平台 (China National Vulnerability Database, CNVD), under 国家互联网应急中心 / CNCERT (China's national CERT), with co-issuance line for 中国互联网协会网络与信息安全工作委员会 (Internet Society of China — Network & Information Security Committee). CNCERT is the sovereign CERT counterpart to US-CERT/CISA.
- **CNVD vulnerability identifier:** `CNVD-2025-07885` — sole-namespace, server-issued
- **CNVD original-vulnerability certificate number:** `CNVD-YCGO-202504012519` — sole-namespace, server-issued
- **Vulnerability-class designation on certificate:** 通用—操作系统-高危 (general / OS / high severity)
- **Contributor named on certificate (verbatim):** Joseph Goydish, 个人报送者 (personal contributor)
- **Date of record on certificate (verbatim):** `2025年04月22日` (printed under 收录时间 / "recording date")
- **Anchor class:** Tier 1 (sovereign-CERT certificate PDF). Promoted from Tier 0 stub on 2026-05-18.
| Field | Value |
| --- | --- |
| Issuing body shown on PDF | China National Vulnerability Database (CNVD), with CNCERT line |
| Certificate class shown on PDF | Original vulnerability certificate |
| CNVD vulnerability ID | CNVD-2025-07885 |
| Certificate number | CNVD-YCGO-202504012519 |
| Vulnerability label | Apple multi-product memory reuse |
| Severity class printed on PDF | General / operating system / high severity |
| Contributor printed on PDF | Joseph Goydish |
| Contributor affiliation printed on PDF | Individual submitter |
| Record date printed on PDF | 2025-04-22 |
## Evidence
| # | Artifact | Path (relative to this folder's `evidence/`) | SHA-256 | OTS | PGP |
|---|---|---|---|---|---|
| 1 | CNVD original-vulnerability certificate (issuing-body PDF) | `CNVD-2025-07885-YCGO-202504012519-Certificate-2025-04-22.pdf` | `d5bb17d5a27eabd32d272173116c90f89f12cdd912a26969115007383a7f21c8` | pending (batch 11 anchor script) | pending (batch 11 anchor script) |
| Artifact | Path | SHA-256 |
| --- | --- | --- |
| CNVD original-vulnerability certificate PDF | `evidence/CNVD-2025-07885-YCGO-202504012519-Certificate-2025-04-22.pdf` | `D5BB17D5A27EABD32D272173116C90F89F12CDD912A26969115007383A7F21C8` |
## Verification Steps
## Verification
1. Compute `sha256sum` of the staged PDF and confirm it matches the hash recorded above byte-for-byte.
2. After running `ANCHOR-COMMANDS-2026-05-18-batch10.sh`, the `.ots` proof binds the PDF's bytes to a Bitcoin-block timestamp post-dating the stamp time, and the `.asc` detached PGP signature binds the bytes to the filer's canonical key `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`.
3. CNVD vulnerability identifiers and certificate numbers are server-issued by CNCERT infrastructure and are not user-supplied; the sole-namespace property establishes that the issuance event could only have been originated by the issuing body.
4. The contributor name string "Joseph Goydish" appears rendered as embedded text in the PDF (extractable via standard PDF text extraction); no overlay or annotation layer is present.
```powershell
Get-FileHash -Algorithm SHA256 .\evidence\CNVD-2025-07885-YCGO-202504012519-Certificate-2025-04-22.pdf
```
## Cross-references
The hash must match the value above.
- **TRACK-B-CVE-2025-24085-24201-43300 (Glass Cage flagship #2):** The filer attests that the underlying technical material disclosed under CNVD-2025-07885 and CNVD-2025-06744 is the same body of work documented under the Glass Cage chain (CVE-2025-24085, CVE-2025-24201, CVE-2025-43300). Recorded as **filer attestation**, not as adjudicated finding. The credit-asymmetry pattern — Apple's advisories crediting other reporters for the underlying patches while CNCERT/CNVD issued formal original-vulnerability certificates to this filer — is documented in the Glass Cage README's "Apple's advisories credit other reporters" section.
- **TRACK-B-CNVD-2025-06744:** Sibling CNVD certificate, same issuing body, dated 2025-03-18, for an Apple iOS/iPadOS buffer-overflow vulnerability class. Both certificates were issued to the same contributor under the same affiliation string within a five-week window.
PDF text extraction confirms the certificate identifies:
## Disclosure Status
```text
CNVD-2025-07885
Apple multi-product memory reuse
Contributor: Joseph Goydish
Certificate: CNVD-YCGO-202504012519
Record date: 2025-04-22
```
Coordinated through CNVD's standard intake. The certificate's existence establishes that CNCERT recorded and accepted the submission as an original-vulnerability contribution. No vendor advisory or matching CVE-ID cross-reference is asserted on the certificate itself; any such mapping is the filer's attested context, not an issuing-body finding.
## Weight
## Safety Notes
No exploit payload, no PoC, no weaponized technical detail is staged in this folder or referenced in this README. The artifact is the issuing-body certificate document, nothing more. Vulnerability-class language ("memory-release-then-reuse" / use-after-free) is reproduced solely as it appears verbatim on the certificate.
## Anchor-class commentary
Per the same framing as the sibling folder: this is a **sovereign-CERT original-vulnerability certificate** anchor — a substantively different evidentiary class from DKIM-signed acknowledgement emails or GitHub-public-issue URL snapshots. The issuing body asserts the contributor was recorded as an original-vulnerability submitter; the certificate does not adjudicate vendor liability, exploit reachability, or patch mapping; per Track B standing disclaimer, none of those are asserted here either.
This is an issuing-body certificate from China's national vulnerability database/CNCERT. It records CNVD-2025-07885 as an original-vulnerability certificate exhibit for an Apple memory-reuse vulnerability and names Joseph Goydish as contributor.
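Review bot: The sentence "PDF text extraction confirms the certificate identifies:" names neither the extraction tool nor the SHA-256 of the PDF the text was pulled from, so the five lines in the text block cannot be re-derived from what is shown here. State the input file's hash and the command used next to that block. The first bullet also cites the Glass Cage README's "Apple's advisories credit other reporters" section by title only; since the credit-asymmetry statement rests on it, link that section directly.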
+272
View File
@@ -0,0 +1,272 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Canonical Activity Record - Joseph Goydish</title>
<style>
:root {
color-scheme: dark;
--bg: #090c0f;
--panel: #10161b;
--panel-2: #0d1216;
--ink: #e7ece8;
--muted: #9aa7a0;
--line: #2a343a;
--green: #5aa36a;
--blue: #6aa6d8;
--amber: #c79a45;
--mono: #172027;
}
* { box-sizing: border-box; }
body {
margin: 0;
background:
linear-gradient(90deg, rgba(231,236,232,.035) 1px, transparent 1px),
linear-gradient(0deg, rgba(231,236,232,.025) 1px, transparent 1px),
radial-gradient(circle at 15% 0%, rgba(106,166,216,.10), transparent 28%),
var(--bg);
background-size: 30px 30px, 30px 30px, auto, auto;
color: var(--ink);
font-family: "Aptos", "Segoe UI", system-ui, sans-serif;
line-height: 1.5;
}
a { color: var(--blue); }
.wrap {
max-width: 1140px;
margin: 0 auto;
padding: 30px 20px;
}
header {
border-bottom: 1px solid var(--line);
background: rgba(9,12,15,.92);
}
.eyebrow {
margin: 0 0 10px;
color: var(--blue);
font-size: .76rem;
font-weight: 850;
letter-spacing: .11em;
text-transform: uppercase;
}
h1 {
max-width: 940px;
margin: 0;
font-size: clamp(2.1rem, 5vw, 4.45rem);
line-height: 1;
letter-spacing: 0;
}
h2 {
margin: 0 0 14px;
font-size: 1.12rem;
letter-spacing: 0;
}
h3 {
margin: 0 0 8px;
font-size: 1rem;
}
p { margin: 0 0 14px; }
.lede {
max-width: 840px;
margin-top: 16px;
color: var(--muted);
font-size: 1rem;
}
.actions, .chips {
display: flex;
flex-wrap: wrap;
gap: 8px;
}
.actions { margin-top: 20px; }
.button {
display: inline-flex;
align-items: center;
min-height: 40px;
padding: 9px 13px;
border: 1px solid var(--line);
border-radius: 0;
background: var(--panel);
color: var(--ink);
text-decoration: none;
font-weight: 760;
}
.button.primary {
border-color: var(--green);
background: #14301f;
color: #eaffef;
}
main .wrap {
display: grid;
gap: 18px;
}
section, .card, .stat {
border: 1px solid var(--line);
border-radius: 0;
background: rgba(16,22,27,.94);
}
section { padding: 20px; }
.stat-grid, .card-grid {
display: grid;
gap: 12px;
grid-template-columns: repeat(auto-fit, minmax(235px, 1fr));
}
.stat, .card { padding: 14px; }
.label {
display: block;
margin-bottom: 5px;
color: var(--muted);
font-size: .72rem;
font-weight: 850;
letter-spacing: .08em;
text-transform: uppercase;
}
.chip {
display: inline-flex;
width: fit-content;
border-radius: 0;
padding: 3px 7px;
color: #07100b;
font-size: .72rem;
font-weight: 850;
}
.public { background: var(--green); }
.record { background: var(--blue); }
.hash { background: var(--amber); }
table {
width: 100%;
border-collapse: collapse;
font-size: .91rem;
}
th, td {
border-bottom: 1px solid var(--line);
padding: 10px 8px;
text-align: left;
vertical-align: top;
}
th {
color: var(--muted);
font-size: .72rem;
letter-spacing: .06em;
text-transform: uppercase;
}
code {
border: 1px solid #243039;
border-radius: 0;
background: var(--mono);
color: #dfe8e2;
padding: 2px 5px;
font-family: "Cascadia Mono", Consolas, monospace;
word-break: break-word;
}
footer {
border-top: 1px solid var(--line);
color: var(--muted);
}
@media (max-width: 720px) {
table { font-size: .84rem; }
th, td { padding: 8px 6px; }
}
</style>
</head>
<body>
<header>
<div class="wrap">
<p class="eyebrow">Canonical Activity Record</p>
<h1>Proof-of-work ledger for public records, submissions, hashes, and anchor trails.</h1>
<p class="lede">This page is a front index for activity that can be checked: public records, certificate exhibits, submission receipts, DKIM/e-signed evidence, signed ledger entries, and fixed hashes. The full running record stays in the ledger repository.</p>
<div class="actions">
<a class="button primary" href="https://github.com/JGoyd/Running-Ledger">Open Running Ledger</a>
<a class="button" href="./anchors/">Anchor Index</a>
<a class="button" href="./canonical/identity-attestation.txt.asc">Identity Attestation</a>
</div>
<div class="stat-grid" style="margin-top: 22px;">
<div class="stat"><span class="label">Holder</span><strong>Joseph R. Goydish II</strong></div>
<div class="stat"><span class="label">Canonical role</span><strong>Activity index and verification surface</strong></div>
<div class="stat"><span class="label">OpenPGP</span><code>4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11</code></div>
</div>
</div>
</header>
<main>
<div class="wrap">
<section>
<h2>Primary Anchors</h2>
<div class="card-grid">
<article class="card">
<div class="chips"><span class="chip public">Certificate exhibit</span><span class="chip hash">Hash backed</span></div>
<h3>CNVD / CNCERT records</h3>
<p>Two CNVD/CNCERT certificate records name Joseph Goydish as contributor for Apple vulnerability records.</p>
<a href="./anchors/">Open anchor index</a>
</article>
<article class="card">
<div class="chips"><span class="chip public">NVD / CISA</span><span class="chip record">Public API</span></div>
<h3>Five Apple CVE rescore records</h3>
<p>Three CVSS 10.0 records and two CVSS 9.8 records tied to public vulnrichment filings and NVD scoring-history records.</p>
<a href="./anchors/cisa-nvd-vulnrichment-rescore/">Open rescore anchor</a>
</article>
<article class="card">
<div class="chips"><span class="chip record">Chronology</span></div>
<h3>CERT/CC VINCE trail</h3>
<p>Coordination chronology for VU#395558 and VRF#25-01-MPVDT / gen-41698 predates relevant Apple advisories.</p>
<a href="./anchors/certcc-vince-chronology/">Open chronology anchor</a>
</article>
</div>
</section>
<section>
<h2>NVD / CISA Rescore Records</h2>
<table>
<thead>
<tr><th>CVE</th><th>Score</th><th>Filing</th><th>Public proof</th></tr>
</thead>
<tbody>
<tr><td>CVE-2025-24085</td><td><strong>10.0 Critical</strong></td><td><code>vulnrichment#194</code></td><td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-24085">NVD</a> / <a href="https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-24085">history API</a> / <a href="https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201">GitHub reference</a></td></tr>
<tr><td>CVE-2025-24201</td><td><strong>10.0 Critical</strong></td><td><code>vulnrichment#194</code></td><td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-24201">NVD</a> / <a href="https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-24201">history API</a> / <a href="https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201">GitHub reference</a></td></tr>
<tr><td>CVE-2025-43300</td><td><strong>10.0 Critical</strong></td><td><code>vulnrichment#201</code></td><td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-43300">NVD</a> / <a href="https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-43300">history API</a></td></tr>
<tr><td>CVE-2025-31200</td><td><strong>9.8 Critical</strong></td><td><code>vulnrichment#200</code></td><td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-31200">NVD</a> / <a href="https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31200">history API</a> / <a href="https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md">GitHub reference</a></td></tr>
<tr><td>CVE-2025-31201</td><td><strong>9.8 Critical</strong></td><td><code>vulnrichment#200</code></td><td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-31201">NVD</a> / <a href="https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31201">history API</a> / <a href="https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md">GitHub reference</a></td></tr>
</tbody>
</table>
</section>
<section>
<h2>CNVD Certificate Exhibits</h2>
<p>Certificate exhibits are listed by record, certificate number, printed contributor, hash, and direct file link. The NVD/CISA rows above are the independently web-checkable vulnerability-record spine.</p>
<table>
<thead>
<tr><th>Record</th><th>Certificate</th><th>Printed contributor</th><th>SHA-256</th><th>File</th></tr>
</thead>
<tbody>
<tr>
<td>CNVD-2025-06744<br><small>Apple iOS / iPadOS buffer overflow</small></td>
<td><code>CNVD-YCGO-202503023656</code></td>
<td>Joseph Goydish</td>
<td><code>352A56FF1319E1B8138B1F4C6F55B652CF09CCD8C6784610E3A3EF6A9A80723C</code></td>
<td><a href="./evidence/TRACK-B-CNVD-2025-06744/evidence/CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf">Open PDF</a></td>
</tr>
<tr>
<td>CNVD-2025-07885<br><small>Apple memory reuse</small></td>
<td><code>CNVD-YCGO-202504012519</code></td>
<td>Joseph Goydish</td>
<td><code>D5BB17D5A27EABD32D272173116C90F89F12CDD912A26969115007383A7F21C8</code></td>
<td><a href="./evidence/TRACK-B-CNVD-2025-07885/evidence/CNVD-2025-07885-YCGO-202504012519-Certificate-2025-04-22.pdf">Open PDF</a></td>
</tr>
</tbody>
</table>
</section>
<section>
<h2>Running Ledger</h2>
<p>The running ledger carries the broader investigative work: submissions, receipts, DKIM/e-signed evidence, references, SHA-256 packet hashes, and signed chronology.</p>
<a class="button primary" href="https://github.com/JGoyd/Running-Ledger">Open Running Ledger</a>
</section>
</div>
</main>
<footer>
<div class="wrap">
<p>Organized as a canonical record. No private keys, credentials, exploit code, or sensitive packet bodies are published here.</p>
</div>
</footer>
</body>
</html>
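Review bot: In the CNVD Certificate Exhibits table the SHA-256 values sit on the same page, in the same repository, as the PDFs they describe, and nothing signs them, so a match shows only that the page and the file agree, not that either is what the key holder published. Link a detached OpenPGP signature or a signed hash manifest beside the hash column, made with the key whose fingerprint is printed in the header stat grid; the page links `./canonical/identity-attestation.txt.asc` but never the public key itself. Two smaller points: the hashes are upper-case while `sha256sum` prints lower-case, so a plain string compare fails unless the reader normalises case, and the Filing column gives `vulnrichment#194`, `vulnrichment#200` and `vulnrichment#201` as bare code with no link, although the lede describes the page as an index of activity "that can be checked".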