Tags: pwn heap heap-overflow
"If on a winters night a traveler" was a pwn task on 0CTF/TCTF Quals 2019. You have to pwn a custom buggy encryption algorithm for Vim.
The basic idea is simple: you have a heap overflow, and you can overwrite a pointer in some adjacent structure to obtain an arbitrary write. What makes the task fun is that overflow direction is controllable, and you have to to change it mid-overflow in order to fill the source buffer with enough data that will be copied later on.