Linux Heap Fast Bin Double Free Exploitation


In this paper, I introduce the reader to a heap metadata corruption attack against the current Linux heap allocator. An attacker who forces the application to perform a double free can manipulate the allocator into making malloc return an arbitrary pointer in one instance and a duplicate pointer in another. Given the appropriate application logic, this can lead to exploitation.

Linux Heap Fast Bin Double Free Exploitation.PDF
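
The duplicate-pointer case described above can be seen in a toy model of a single fast bin. This is an added example, not code from the paper or from glibc. The chunk layout and every function name are hypothetical; the head-only check is modelled on the "fasttop" comparison glibc applies when freeing into a fast bin, and the state-flag variant shows the kind of check that rejects the second free.

```c
#include <stdio.h>

/* Toy model of one fast bin: a LIFO singly linked list of freed chunks.
   All names are hypothetical; this is not glibc code. */
#define NCHUNKS 4
struct chunk { struct chunk *next; int in_use; };
static struct chunk pool[NCHUNKS];
static struct chunk *bin_head;

static void bin_reset(void) {
    bin_head = NULL;
    for (int i = 0; i < NCHUNKS; i++) { pool[i].next = NULL; pool[i].in_use = 1; }
}

/* Head-only check: rejects a free only if the chunk is already on top of the bin. */
static int free_head_check(struct chunk *c) {
    if (c == bin_head) return -1;      /* back-to-back double free is caught */
    c->next = bin_head; bin_head = c;
    return 0;
}

/* Hardened variant: a per-chunk state flag rejects any second free. */
static int free_state_check(struct chunk *c) {
    if (!c->in_use) return -1;         /* chunk is already in the bin */
    c->in_use = 0;
    c->next = bin_head; bin_head = c;
    return 0;
}

static struct chunk *bin_alloc(void) {
    struct chunk *c = bin_head;
    if (c) { bin_head = c->next; c->in_use = 1; }
    return c;
}

/* Frees a, b, a with the given routine, then allocates three times.
   Returns 1 if one chunk is handed out twice, 0 if the double free was rejected. */
static int double_free_yields_duplicate(int (*do_free)(struct chunk *)) {
    bin_reset();
    struct chunk *a = &pool[0], *b = &pool[1];
    if (do_free(a) || do_free(b) || do_free(a)) return 0;
    struct chunk *first = bin_alloc();
    bin_alloc();                       /* second allocation returns b */
    return first == bin_alloc();       /* third allocation returns a again */
}

int main(void) {
    printf("head-only check: duplicate=%d\n", double_free_yields_duplicate(free_head_check));
    printf("state check:     duplicate=%d\n", double_free_yields_duplicate(free_state_check));
    return 0;
}
```
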
