IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [heap-overflow]

A heap overflow is a class of memory corruption occurring on the heap. It can potentially be used to exploit the faulty program.

34 questions
19
votes
6 answers

Do high level languages allow for buffer / heap overflow?

I'm learning about basic x86 overflows in C but normally I code with Python. Is there anyway that programs written in higher level languages can suffer from buffer/heap overflow?
blank
  • 225
  • 1
  • 3
11
votes
1 answer

How to exactly create a CVE?

I found an heap overflow exploit for a vulnerability in git servers. This lead to lucrative operations on various bug bounty programs (GitHub already promised to put me in their top 10). When it was corrected recently, the case of remote code…
user2284570
  • 1,402
  • 1
  • 14
  • 33
8
votes
2 answers

When is memory allocation/layout deterministic?

I'm trying to learn about buffer overflow attacks, both on the stack and on the heap. However, I'm confused about when it's possible to determine the address of the buffer. The classic "Smashing the Stack for Fun and Profit" mentions the need to…
Lily Chung
  • 968
  • 1
  • 9
  • 13
5
votes
1 answer

Why would a heap buffer overflow cause a crash on only some Windows 10 systems?

I have a stl::vector (VS 2010 SP1, x86) out-of-bounds read access attempt that causes a crash on only three Windows 10 systems. It is completely reproducible on those systems, but cannot be reproduced on other systems (Windows 10 or otherwise),…
Patrick
  • 151
  • 2
4
votes
2 answers

Heap canaries, to protect function pointers in heap objects

I'm wondering if anyone has previously proposed, evaluated, or deployed the following measure to harden systems against heap-based buffer overruns: basically, stack canaries, but applied before function pointers in objects stored in the heap rather…
D.W.
  • 98,420
  • 30
  • 267
  • 572
4
votes
2 answers

Heartbleed and heap management - Why user data and passwords are kept in memory?

If I understand correctly the hearbleed vulnerability, only the heap of the OpenSSL process can be retrieved by an attacker (or part of depending on the memory allocation type that is used). Then, how comes the OpenSSL process keeps in memory what…
ack__
  • 2,728
  • 14
  • 25
4
votes
3 answers

Are stack & heap overflow exploits no longer effective?

Do all new OSes implement the no execute bit in order to overcome vulnerabilities that could be used to execute malicious code? for example, is it implemented in Win7? Does that mean that the traditional way of stack & heap overflow exploits are no…
Adban
  • 259
  • 2
  • 9
4
votes
2 answers

Good example of heap exploits on Linux

I'm doing a demonstration of memory corruption attacks, and would like to show some working examples of exploits that feature heap corruption (such as use-after-free). My requirements are: A working exploit (remote or local) on Linux (this is…
SRobertJames
  • 245
  • 1
  • 7
2
votes
0 answers

How to write a PoC of heap-based ROP?

I want to write a Proof-of-Concept to exploiting any heap-based vulnerability(e.g. heap overflow, use-after-free) where my ROP(return-to-programming, a kind of code-reuse attacks) payload is deployed on the heap. While such exploits is widespread on…
Matthewxie
  • 29
  • 1
2
votes
1 answer

exploiting Heap Overflow in gdb segfaults

I have been trying to exploit the heap overflow vulnerability for the program below, I am running Linux 14.04. #include #include #include int n = 5; int main(int argc, char **argv) { char *p, *q; p =…
user10012
  • 191
  • 1
  • 1
  • 9
2
votes
1 answer

Is it possible to execute code in this program using heap overflow?

Program code (with Pseudo code part): #include #include int main(int argc, char** argv) { int controlled1=10; int controlled2=20; int controlled3=300; //test.bin file is also controlled unsigned char * pData; unsigned char …
dev
  • 937
  • 1
  • 8
  • 23
2
votes
1 answer

How can a modern Windows/Linux system be compromised by a heap overflow in Chrome?

Wikipedia's article on Heap Overflow states: there are primarily three ways to protect against heap overflows. Several modern operating systems such as Windows and Linux provide some implementation of all three. Prevent execution of the…
Protector one
  • 133
  • 5
2
votes
1 answer

Controlling where a program crashes

I'm missing a part of the process for preparing a payload for an overflow exploit. To crash a program using an overflow vulnerability, lets say the heap. How can we control the memory address it crashes at and how can some code be sent to control…
some_id
  • 385
  • 2
  • 14
2
votes
2 answers

CVE-2015-3864 - Android Stagefright - how Integer Overflow happens here?

I am trying to understand how "Integer Overflow" happens here and how it works. The vulnerability exists in the chunk of “tx3g”. Chunk_size is the unit which overflows the sum of size. That's to say, the memory assigned is less than the size. Thus…
dev
  • 937
  • 1
  • 8
  • 23
1
vote
2 answers

Heap spray against 64-bit processes - possible?

Are heap spray exploits possible, if the process we're attacking is a 64-bit process? Naively, it seems like the 64-bit address makes it difficult to mount a heap spray: to fill all (or a significant fraction) of virtual memory, you'd need to spray…
D.W.
  • 98,420
  • 30
  • 267
  • 572
1
2 3