Questions tagged [heap-overflow]
A heap overflow is a memory-corruption bug in which a write runs past the end of a heap-allocated buffer, clobbering adjacent objects or the allocator's own chunk metadata. It can often be leveraged to exploit the faulty program.
35 questions
2 votes
1 answer
268 views
Questions on GLIBC Heap Exploitation (House of Force)
This is with reference to Max Kamper's video on GLIBC heap exploitation and these articles I read https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i https://www.crow.rip/crows-nest/binexp/...
0 votes
1 answer
243 views
Stack vs Heap exploit, which have more CVE documented?
I tried to google this topic but most of them conflict with each other. On the other side, I found a case where I can use either stack (local variable) or heap for a dynamic string. It's C by the ...
20 votes
6 answers
11k views
Do high level languages allow for buffer / heap overflow?
I'm learning about basic x86 overflows in C but normally I code with Python. Is there any way that programs written in higher level languages can suffer from buffer/heap overflow?
1 vote
1 answer
1k views
Heap overflow - strcpy() on x86_64 (64bit)
I'm stuck on the Heap1 challenge from Exploit Education. After compiling the source code in a 64bit system, without any security mechanism, I try to overflow the heap in order to overwrite the main ...
1 vote
0 answers
260 views
How does glibc prevent malloc unlink exploits?
The classic malloc overflow, of overwriting pointers in a free chunk, to cause free() unlink to overwrite an arbitrary location with an arbitrary value, is no longer possible with modern glibc (...
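The check the question is asking about, as an added example that is not part of the original post and not glibc's own code: a model of the free-chunk links, the classic unlink that turns attacker-controlled `fd`/`bk` into a write-what-where, and the safe-unlink check (`FD->bk != P || BK->fd != P`, glibc's "corrupted double-linked list") that defeats it. `got_like` and `payload_like` are stand-ins for the two addresses the attacker would normally use (a GOT entry minus the offset of `bk`, and the payload buffer).

```c
#include <stddef.h>
#include <stdio.h>

/* Free-chunk header as in dlmalloc/glibc: fd/bk are the free-list links. */
struct chunk {
    size_t prev_size;
    size_t size;
    struct chunk *fd;
    struct chunk *bk;
};

/* The original unlink macro: trusts fd and bk unconditionally. */
void unlink_classic(struct chunk *p) {
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    fd->bk = bk;    /* writes bk to (fd + offsetof(struct chunk, bk)) */
    bk->fd = fd;    /* writes fd to (bk + offsetof(struct chunk, fd)) */
}

/* Safe unlinking, as in glibc's unlink_chunk(): both neighbours must still point at p. */
int unlink_safe(struct chunk *p) {
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return -1;  /* glibc: malloc_printerr("corrupted double-linked list") */
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Stand-ins (assumptions of this example) for the attacker's two addresses.
 * In the real attack fd is (GOT entry - offsetof(struct chunk, bk)), so that
 * fd->bk IS the GOT entry, and bk is the payload address; the payload has to
 * start with a jump over the word that "bk->fd = fd" clobbers. Declaring both
 * as chunk-typed globals keeps the demonstration within defined behaviour. */
static struct chunk got_like;      /* .bk plays the function pointer to hijack */
static struct chunk payload_like;  /* .fd is the word the reciprocal write clobbers */

/* A chunk whose links were overwritten by an overflow from the previous chunk. */
static struct chunk crafted(void) {
    struct chunk p = { 0, 0x20, &got_like, &payload_like };
    return p;
}

/* 1 if the classic unlink turned got_like.bk into the payload address. */
int classic_unlink_hijacks(void) {
    struct chunk p = crafted();
    got_like.bk = NULL;
    unlink_classic(&p);
    return got_like.bk == &payload_like && payload_like.fd == &got_like;
}

/* 1 if safe unlink rejects the crafted chunk and writes nothing. */
int safe_unlink_rejects(void) {
    struct chunk p = crafted();
    got_like.bk = NULL;
    payload_like.fd = NULL;
    return unlink_safe(&p) == -1 && got_like.bk == NULL && payload_like.fd == NULL;
}

/* 1 if safe unlink still works on a genuine circular list a <-> b <-> c. */
int safe_unlink_accepts_genuine(void) {
    struct chunk a = {0}, b = {0}, c = {0};
    a.fd = &b; b.bk = &a;
    b.fd = &c; c.bk = &b;
    c.fd = &a; a.bk = &c;
    return unlink_safe(&b) == 0 && a.fd == &c && c.bk == &a;
}

int main(void) {
    printf("classic unlink hijacks slot: %d\n", classic_unlink_hijacks());
    printf("safe unlink rejects crafted: %d\n", safe_unlink_rejects());
    printf("safe unlink keeps genuine:   %d\n", safe_unlink_accepts_genuine());
    return 0;
}
```

The check works because an attacker who can only overflow into `p`'s header controls `p->fd` and `p->bk`, but not the memory those pointers refer to: for the forged links to pass, the word at `fd + 24` and the word at `bk + 16` would both have to already contain `p`'s address. Newer glibc adds further checks in the same path (for example comparing the chunk's size with the next chunk's `prev_size`), but the pointer cross-check above is what closed the classic attack.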
1 vote
1 answer
826 views
Can a heap/mmap buffer overflow overwrite the stack
The following questions regard Linux processes with a stack that grows downwards from the end of the process memory. If I have a buffer overflow on the heap with unlimited size, are there any ...
1 vote
2 answers
274 views
Exploitation tactics for heap over-reading?
One of the recent CVEs, particularly CVE-2019-13615 related to VLC media player, attracted my attention because of the developer's reaction: Any non-exploitable read overflow gets CVSS of 9.8, like VLC is a ...
0 votes
1 answer
478 views
Microsoft Outlook Vulnerability CVE-2018-8587 - How likely is exploitation?
I found an interesting blog post, A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587, about a Microsoft Outlook heap buffer overflow vulnerability, which describes how Microsoft ...
1 vote
1 answer
752 views
What is Return-Oriented Programming? [closed]
With return-oriented programming, when we fill a buffer with the stack contents (arguments and return addresses) for the function calls we plan on "injecting," how do we actually change the stack ...
1 vote
0 answers
165 views
Need help in exploiting an overflow on Linux [closed]
There is a 32-bit Linux application. It's possible to overwrite EIP easily. I will call this process: "send a string". It's also possible to send about 10000 custom bytes to heap (it's possible to ...
1 vote
0 answers
344 views
Exploiting a Heap Overrun Vulnerability
I am really trying to understand the concept of the attack made possible by the code given below. I notice that strcpy is being used, which does not perform any boundary checks and therefore enables ...
1 vote
0 answers
126 views
Want to know about heap exploit
I am practicing my heap exploit skill with the following website. http://hatriot.github.io/blog/2014/09/21/protostar-heap-exploits/. But under the title of heap 3 exploit, I did not understand with what ...
1 vote
2 answers
8k views
Buffer overflows on the heap vs the stack
It is my current understanding that in order to successfully exploit a stack-based buffer overflow vulnerability, we must first overflow the buffer, thus overwriting the return pointer and gaining ...
1 vote
1 answer
239 views
Is it a win for an attacker, if they overflow the most recently malloc'd buffer on the heap?
If I call malloc and then overflow the buffer I created, I am then writing to unused memory. Is there any security impact from me being able to do so? I would think you'd want to call malloc twice, ...
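What sits right after the newest allocation, and why it matters, as an added example that is not part of this post, of the House of Force question above, or of glibc itself: a toy bump allocator that copies glibc's chunk layout (a size word in front of every chunk, the unallocated remainder being the "top" chunk whose size word lies immediately after the newest allocation). Overflowing that allocation by eight bytes rewrites the top chunk's size; the House of Force then requests a size that wraps `top` around to a chosen address so the next allocation aliases a victim object. The `harden` flag models the `size > av->system_mem` check ("malloc(): corrupted top size") that glibc 2.29 added. `ARENA_SIZE`, `toy_malloc` and the "user"/"root" victim string are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Toy bump allocator with glibc's chunk layout. The top chunk's size word
 * sits directly after the user bytes of the most recent allocation. */
#define ARENA_SIZE 4096
#define HDR sizeof(size_t)

static _Alignas(16) unsigned char arena[ARENA_SIZE];
static size_t *top;          /* size word of the top chunk */
static int harden_top;       /* 1: apply the glibc 2.29 "corrupted top size" check */

static size_t align8(size_t n) { return (n + 7) & ~(size_t)7; }

void toy_init(int harden) {
    memset(arena, 0, sizeof arena);
    top = (size_t *)arena;
    *top = ARENA_SIZE;              /* the whole arena is the top chunk */
    harden_top = harden;
}

/* Carve a request from top, as _int_malloc does when no free chunk fits. */
void *toy_malloc(size_t n) {
    size_t avail = *top;            /* trusted, but lives in writable heap memory */
    size_t chunk = align8(n) + HDR; /* like nb in glibc; wraps for a huge n */
    if (harden_top && avail > ARENA_SIZE)
        return NULL;                /* glibc >= 2.29: top size exceeds system_mem */
    if (chunk > avail)
        return NULL;
    size_t *hdr = top;
    *hdr = chunk;
    top = (size_t *)((uintptr_t)hdr + chunk);   /* unsigned wraparound is defined */
    *top = avail - chunk;
    return (unsigned char *)hdr + HDR;
}

/* A size_t filled with one byte, for comparing against an overwritten size word. */
size_t size_word_filled_with(int byte) {
    size_t w;
    memset(&w, byte, sizeof w);
    return w;
}

/* Eight bytes past the newest allocation are not "unused memory": they are the
 * top chunk's size word. Returns that word after the overflow. */
size_t overflow_hits_top_size(void) {
    toy_init(0);
    unsigned char *buf = toy_malloc(64);
    memset(buf, 'A', 72);           /* 64-byte allocation, 72 bytes written */
    return *top;
}

/* House of Force. Returns 1 if the victim string was rewritten through the
 * aliasing allocation, 0 if the allocator refused the wrapped request. */
int house_of_force(int harden) {
    toy_init(harden);
    char *victim = toy_malloc(16);          /* e.g. a role string checked later */
    strcpy(victim, "user");
    unsigned char *buf = toy_malloc(64);    /* the overflowable allocation */

    unsigned char payload[72];              /* constructed attacker input */
    memset(payload, 'A', 64);
    memset(payload + 64, 0xff, 8);          /* new top size: SIZE_MAX */
    memcpy(buf, payload, sizeof payload);   /* the bug: 72 bytes into 64 */

    /* Request size chosen so that top + HDR + align8(evil) == victim's header. */
    uintptr_t target = (uintptr_t)victim - HDR;
    size_t evil = (size_t)(target - (uintptr_t)top - HDR);
    if (toy_malloc(evil) == NULL)
        return 0;                           /* hardened allocator refuses */
    char *alias = toy_malloc(16);
    if (alias != victim)
        return 0;
    strcpy(alias, "root");                  /* lands on the victim via the alias */
    return strcmp(victim, "root") == 0;
}

int main(void) {
    printf("top size after 8-byte overflow: %#zx\n", overflow_hits_top_size());
    printf("house of force, unhardened: %d\n", house_of_force(0));
    printf("house of force, hardened:   %d\n", house_of_force(1));
    return 0;
}
```

The wrapped request passes `chunk > avail` only because the overflow made `avail` equal to `SIZE_MAX`, which is exactly the precondition the glibc 2.29 check removes: a top size larger than the memory the arena actually owns is rejected before any carving happens. Real glibc also needs the attacker to know the distance from the current top to the target, so a heap and target address leak is part of the attack; the toy computes it directly.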
1 vote
0 answers
406 views
Does ASLR definitely end the possibility of code execution in the case of filesystem heap overflows?
Local-only filesystems (like NTFS or btrfs) consist of many data structures that require very complex code to parse them. So such filesystems, if implemented in user space, can suffer from buffer ...