Linux Heap Fast Bin Double Free Exploitation


In this paper, I introduce the reader to a heap metadata corruption against the current Linux Heap Allocator. An attacker that forces the application to perform a double free can manipulate it to make malloc return an arbitrary pointer in one instance and a duplicate pointer in another instance. Given the appropriate application logic, this can lead to exploitation.

Linux Heap Fast Bin Double Free Exploitation.PDF

Comments

Popular posts from this blog

Linux Heap TCache Poisoning

Linux Heap glibc 2.27 Double Free Exploitation