All Questions
Tagged with heap-overflow buffer-overflow
12 questions
20 votes, 6 answers, 11k views
Do high level languages allow for buffer / heap overflow?
I'm learning about basic x86 overflows in C but normally I code with Python. Is there any way that programs written in higher level languages can suffer from buffer/heap overflow?
8 votes, 2 answers, 869 views
When is memory allocation/layout deterministic?
I'm trying to learn about buffer overflow attacks, both on the stack and on the heap. However, I'm confused about when it's possible to determine the address of the buffer. The classic "Smashing the ...
4 votes, 2 answers, 3k views
Heap canaries, to protect function pointers in heap objects
I'm wondering if anyone has previously proposed, evaluated, or deployed the following measure to harden systems against heap-based buffer overruns: basically, stack canaries, but applied before ...
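The measure the question describes, a canary placed between an overflowable buffer and a function pointer inside the same heap object and checked before every indirect call, as an added example that is not part of any post on this page. The object layout, the `handler_*` names and the fixed canary constant are assumptions made for the demonstration; a deployed version would draw the canary from the OS RNG at process start.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* A heap object laid out so that a linear overrun from buf must pass
   through the canary before it can reach the function pointer. */
struct handler {
    char buf[16];
    uint64_t canary;
    void (*cb)(int);
};

/* Assumed per-process secret. Fixed here so the example is repeatable;
   a real implementation would draw it from the OS RNG at startup. The
   low byte is zero so a NUL-terminated string copy cannot rewrite it
   intact, the same trick glibc uses for the stack canary. */
static uint64_t canary_value(void) {
    return 0x7d4c3b2a19f8e600ULL;
}

static int g_fired;            /* records that the real callback ran */
static void on_event(int code) { g_fired = code; }

struct handler *handler_new(void (*cb)(int)) {
    struct handler *h = calloc(1, sizeof *h);
    if (h == NULL)
        return NULL;
    h->canary = canary_value();
    h->cb = cb;
    return h;
}

/* The vulnerable write: copies len bytes starting at buf with no bound,
   standing in for the heap overrun the question assumes. It is written
   byte by byte through a char pointer so the demonstration is not
   intercepted by a fortified memcpy. */
void handler_set_name_unchecked(struct handler *h, const char *src, size_t len) {
    char *p = (char *)h;           /* buf is the first member */
    for (size_t i = 0; i < len; i++)
        p[i] = src[i];
}

/* Verify the canary before every use of the function pointer.
   Returns 1 if cb was invoked, 0 if corruption was detected. */
int handler_fire(struct handler *h, int code) {
    if (h->canary != canary_value()) {
        fprintf(stderr, "heap canary mismatch, refusing to call cb\n");
        return 0;
    }
    h->cb(code);
    return 1;
}

/* In-bounds write: canary intact, callback runs. */
int demo_benign(void) {
    struct handler *h = handler_new(on_event);
    if (h == NULL)
        return -1;
    g_fired = 0;
    handler_set_name_unchecked(h, "bob", 3);
    int r = handler_fire(h, 7) && g_fired == 7;
    free(h);
    return r;
}

/* Constructed 32-byte overrun: fills buf, the canary and cb with 'A'.
   The canary check stops the call before the clobbered cb is used. */
int demo_overflow(void) {
    char payload[32];
    for (size_t i = 0; i < sizeof payload; i++)
        payload[i] = 'A';
    struct handler *h = handler_new(on_event);
    if (h == NULL)
        return -1;
    handler_set_name_unchecked(h, payload, sizeof payload);
    int r = handler_fire(h, 7);
    free(h);
    return r;
}

int main(void) {
    printf("benign:   %s\n", demo_benign() == 1 ? "callback ran" : "blocked");
    printf("overflow: %s\n", demo_overflow() == 1 ? "callback ran" : "blocked");
    return 0;
}
```

The check only helps against a linear overrun that cannot skip the canary; an attacker who can read the canary (an info leak) or who has an arbitrary write rather than a sequential one can put the function pointer in place without touching it, which is the same limitation stack canaries have.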
2 votes, 1 answer, 1k views
exploiting Heap Overflow in gdb segfaults
I have been trying to exploit the heap overflow vulnerability for the program below, I am running Linux 14.04. #include <stdio.h> #include <string.h> #include <stdlib.h> int n = 5; ...
1 vote, 2 answers, 8k views
Buffer overflows on the heap vs the stack
It is my current understanding that in order to successfully exploit a stack-based buffer overflow vulnerability, we must first overflow the buffer, thus overwriting the return pointer and gaining ...
1 vote, 2 answers, 2k views
Heap spray against 64-bit processes - possible?
Are heap spray exploits possible, if the process we're attacking is a 64-bit process? Naively, it seems like the 64-bit address makes it difficult to mount a heap spray: to fill all (or a significant ...
1 vote, 1 answer, 827 views
Can a heap/mmap buffer overflow overwrite the stack
The following questions regard linux processes with a stack that grows downwards from the end of the process memory. If I have a buffer overflow on the heap with unlimited size, are there any ...
1 vote, 1 answer, 1k views
Determining the target address in a heap overflow
For a heap overflow to occur and arbitrary code to be executed, the function free() performs the step : hdr->next->next->prev = hdr->next->prev I understand that the address of hdr-&...
1 vote, 1 answer, 752 views
What is Return-Oriented Programming? [closed]
With return-oriented programming, when we fill a buffer with the stack contents (arguments and return addresses) for the function calls we plan on "injecting," how do we actually change the stack ...
1 vote, 0 answers, 165 views
Need help in exploiting an overflow on Linux [closed]
There is a 32-bit linux application. It's possible to overwrite EIP easily. I will call this process: "send a string". It's also possible to send about 10000 custom bytes to heap (it's possible to ...
0 votes, 3 answers, 914 views
Drive-by download VS buffer and stack overflow attacks
Today malware is mainly spread thanks to vulnerabilities exploited in browsers and their plugins. The attackers use JavaScript to target those vulnerabilities. Two examples of such attacks are drive-...
0 votes, 1 answer, 2k views
Does glibc use canary checking to prevent heap buffer overflow?
Since canary is used by gcc to prevent stack overflow (e.g. -fstack-protector), I am wondering whether glibc uses canary-based approach to defend heap buffer overflow? For example, this paper proposes ...
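The two questions above about the unlink step in free() ("Determining the target address in a heap overflow") and about what glibc does to catch corrupted heap metadata are two sides of the same mechanism, so here is one added example covering both; it is not code from any post on this page. It uses a toy doubly linked header with the `prev`/`next` names the first question uses (the forged header plays the role of `hdr->next`, the chunk being unlinked), shows how `p->next->prev = p->prev` becomes a write-what-where, and then shows the pointer-consistency check that glibc's unlink performs before those stores. The `target_slot`, `spare` and `forge` names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy free-list header with the two links the question names. */
struct hdr {
    struct hdr *prev;
    struct hdr *next;
};

/* Unchecked unlink as in old dlmalloc/glibc: two stores that trust
   whatever the (possibly overflowed) header holds in prev and next. */
static void unlink_unchecked(struct hdr *p) {
    p->next->prev = p->prev;   /* "what" = p->prev, "where" = &p->next->prev */
    p->prev->next = p->next;   /* mirror store; must also hit writable memory */
}

/* Checked unlink modelled on glibc's "corrupted double-linked list"
   test: refuse unless both neighbours point back at p. Returns 0 on
   success, -1 where glibc would abort. */
static int unlink_checked(struct hdr *p) {
    if (p->next->prev != p || p->prev->next != p)
        return -1;
    p->next->prev = p->prev;
    p->prev->next = p->next;
    return 0;
}

/* Constructed scenario. target_slot.prev stands for the pointer the
   attacker wants to overwrite (a function pointer, a GOT entry); spare
   is any writable memory that absorbs the mirror store so the second
   write does not fault. */
static struct hdr target_slot;
static struct hdr spare;

/* Forge the header an overflow would leave behind: next is chosen so
   that &next->prev is the target address, prev is the value planted there. */
static void forge(struct hdr *fake) {
    fake->next = &target_slot;
    fake->prev = &spare;
}

/* Returns what the unchecked unlink wrote into the target slot. */
uintptr_t run_unchecked(void) {
    struct hdr fake;
    target_slot.prev = NULL;
    forge(&fake);
    unlink_unchecked(&fake);
    return (uintptr_t)target_slot.prev;
}

/* Same forgery against the checked unlink. */
int run_checked(void) {
    struct hdr fake;
    target_slot.prev = NULL;
    forge(&fake);
    return unlink_checked(&fake);
}

/* A genuine three-node list still unlinks under the check. */
int run_checked_legit(void) {
    struct hdr a, b, c;
    a.prev = NULL; a.next = &b;
    b.prev = &a;   b.next = &c;
    c.prev = &b;   c.next = NULL;
    return unlink_checked(&b) == 0 && a.next == &c && c.prev == &a;
}

int main(void) {
    printf("unchecked unlink wrote %#lx into the target (forged prev was %#lx)\n",
           (unsigned long)run_unchecked(), (unsigned long)(uintptr_t)&spare);
    printf("checked unlink: %s\n", run_checked() == -1 ? "refused" : "unlinked");
    printf("legitimate list: %s\n", run_checked_legit() ? "ok" : "broken");
    return 0;
}
```

The target address is therefore whatever `next` points at, minus the offset of the `prev` field in the header (zero in this layout), and the value written is `prev`; the mirror store means `prev` must itself be a writable address, which is why real exploits point it at a scratch area rather than at an arbitrary constant. The consistency check defeats this particular forgery because the fake neighbours do not point back at the chunk, which is the metadata check glibc applies in place of a canary.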