Heap overflow

A heap overflow, heap overrun, or heap smashing is a type of buffer overflow that occurs in the heap data area. Heap overflows are exploited differently from stack-based overflows. Memory on the heap is dynamically allocated at runtime and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. The canonical heap overflow technique overwrites dynamic memory allocation linkage (such as malloc metadata) and uses the resulting pointer exchange to overwrite a program function pointer.

Has abstract
A heap overflow, heap overrun, or heap smashing is a type of buffer overflow that occurs in the heap data area. Heap overflows are exploited differently from stack-based overflows. Memory on the heap is dynamically allocated at runtime and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. The canonical heap overflow technique overwrites dynamic memory allocation linkage (such as malloc metadata) and uses the resulting pointer exchange to overwrite a program function pointer. For example, on older versions of Linux, two buffers allocated next to each other on the heap could result in the first buffer overwriting the second buffer's metadata. If the second buffer's in-use bit is set to zero and its length is set to a small negative value (one that allows null bytes to be copied), then when the program calls free on the first buffer it will attempt to merge the two buffers into a single buffer. When this happens, the buffer that is assumed to be freed is expected to hold two pointers, FD and BK, in the first 8 bytes of the formerly allocated buffer. BK gets written into FD and can be used to overwrite a pointer.
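As an added illustration (not part of the DBpedia record or the Wikipedia text), the following C model shows the integrity check that modern allocators run before unlinking a free chunk, which is the mitigation that defeats the FD/BK pointer exchange described above. The struct and function names are hypothetical, and the list is a simplified stand-in for malloc's free list.

```c
/* Added example: a model of "safe unlinking". Not glibc code; the struct,
 * freelist_insert, safe_unlink and demo_unlink_check are hypothetical names. */
#include <stddef.h>
#include <stdbool.h>
struct chunk {
    size_t size;          /* chunk length; low bit = previous chunk in use */
    struct chunk *fd;     /* forward pointer in the free list */
    struct chunk *bk;     /* backward pointer in the free list */
};
/* Link 'p' between 'prev' and 'next' in a circular free list. */
static void freelist_insert(struct chunk *prev, struct chunk *p, struct chunk *next)
{
    p->fd = next;
    p->bk = prev;
    prev->fd = p;
    next->bk = p;
}
/* Remove 'p' from the list only if both neighbours still point back at it.
 * Overwritten fd/bk values fail this test, so the writes "fd->bk = bk" and
 * "bk->fd = fd" are never performed through corrupted pointers.
 * Returns true on success, false when corruption is detected. */
bool safe_unlink(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    if (fd == NULL || bk == NULL || fd->bk != p || bk->fd != p)
        return false;     /* allocator would abort: corrupted double-linked list */
    fd->bk = bk;
    bk->fd = fd;
    p->fd = p->bk = NULL;
    return true;
}
/* Unlink an intact chunk (must succeed), then corrupt its metadata the way an
 * overflow from a neighbouring buffer would and unlink again (must be refused).
 * Returns 1 if the check behaved as expected, 0 otherwise. */
int demo_unlink_check(void)
{
    static struct chunk head, a, b;
    head.fd = head.bk = &head;          /* empty circular list */
    freelist_insert(&head, &a, &head);
    freelist_insert(&a, &b, &head);
    if (!safe_unlink(&b)) return 0;     /* intact links: unlink allowed */
    freelist_insert(&head, &b, &a);
    struct chunk bogus = {0};           /* constructed stand-in for an overwritten fd */
    b.fd = &bogus;                      /* bogus.bk no longer points back at b */
    if (safe_unlink(&b)) return 0;      /* corrupted links: must be refused */
    return 1;
}
```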
Hypernym
Overflow
Is primary topic of
Heap overflow
Label
Heap overflow
Link from a Wikipage to an external page
phrack.org/issues/57/8.html#article
www.h-online.com/security/features/A-Heap-of-Risk-747161.html
www.ptsecurity.com/download/defeating-xpsp2-heap-protection.pdf
Link from a Wikipage to another Wikipage
Address Space Layout Randomization
Arbitrary code execution
ASLR
Buffer overflow
Category:Computer security exploits
Category:Software anomalies
C dynamic memory allocation
Exploit (computer security)
Function pointer
GNU C Library
Graphics Device Interface
Heap (programming)
Heap spraying
IOS jailbreaking
JPEG
Kernel (operating system)
Linked list
Linux
Memory protection
Microsoft
NX bit
Operating system
PaX
Pointer (computer programming)
Runtime (program lifecycle phase)
Shellcode
Stack buffer overflow
Stack overflow
Windows Server 2003
Windows Vista
Windows XP
SameAs
4wseb
Dépassement de tas
Desbordamiento de montículo
Heap overflow
Heap overflow
Heap overflow
Heap overflow
m.01g21g
Přetečení na haldě
Przepełnienie sterty
Q775289
سرریز هیپ
힙 오버플로
Subject
Category:Computer security exploits
Category:Software anomalies
WasDerivedFrom
Heap overflow?oldid=1115013439&ns=0
WikiPageInterLanguageLink
Heap Overflow
WikiPageLength
5490
Wikipage page ID
219328
Wikipage revision ID
1115013439
WikiPageUsesTemplate
Template:Reflist
Template:Short description