Difference between revisions of "Bug Classes/Heap overflow"
Latest revision as of 22:11, 4 November 2015
Details
Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.
Examples
Mitigations
- runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)
- guard pages
- metadata validation (e.g. glibc's heap protections)
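
A user-space sketch of the first mitigation, added here as an illustration; it is not code from the original page, from PaX, or from the kernel. It pairs an allocation whose size calculation refuses to wrap (the integer-overflow cause named under Details) with a copy routine that validates the requested length against the object's recorded size. The names `tracked_buf`, `tracked_alloc` and `checked_copy_in` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical heap object that records its own allocation size,
 * standing in for the object size the kernel allocator knows. */
struct tracked_buf {
    size_t size;            /* bytes allocated for data[] */
    unsigned char data[];
};

/* Allocate count * elem_size bytes, refusing if the product (plus header)
 * would wrap; a wrapped product would yield an undersized buffer. */
struct tracked_buf *tracked_alloc(size_t count, size_t elem_size)
{
    size_t hdr = sizeof(struct tracked_buf);
    if (elem_size != 0 && count > (SIZE_MAX - hdr) / elem_size)
        return NULL;
    struct tracked_buf *b = malloc(hdr + count * elem_size);
    if (b)
        b->size = count * elem_size;
    return b;
}

/* Copy len bytes to offset off only if [off, off + len) lies inside the
 * object. The comparison is written as len > size - off so that it cannot
 * itself overflow. Returns 0 on success, -1 if the copy is rejected. */
int checked_copy_in(struct tracked_buf *b, size_t off, const void *src, size_t len)
{
    if (off > b->size || len > b->size - off)
        return -1;
    memcpy(b->data + off, src, len);
    return 0;
}

int main(void)
{
    unsigned char src[64] = {0};                 /* constructed sample input */
    struct tracked_buf *b = tracked_alloc(4, 8); /* 32-byte object */
    if (!b) return 1;
    int ok  = checked_copy_in(b, 0, src, 32);    /* fits exactly */
    int bad = checked_copy_in(b, 16, src, 32);   /* would cross the boundary */
    free(b);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```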