Linux Heap Calloc Exploitation part 2

In this paper, I introduce the reader to a heap metadata corruption against the most current version of the Linux Heap allocator. Normally, calloc will allocate data and zero out the memory before returning a pointer to it. An attacker that can overflow from one chunk into a free chunk in a fast bin can force calloc to return uninitialised data. This information leak could be utilised to defeat ASLR or expose sensitive information.

Linux Heap Calloc Exploitation part 2.PDF

Popular posts from this blog

Pointer Compression in V8

C++ Memory Corruption (std::string) - part 4

C++ Memory Corruption (std::vector) - part 2