http://kernsec.org/wiki/index.php?title=Bug_Classes/Heap_overflow&feed=atom&action=history
Bug Classes/Heap overflow - Revision history
2024-03-28T17:14:13Z
http://kernsec.org/wiki/index.php?title=Bug_Classes/Heap_overflow&diff=3729&oldid=prev
KeesCook: Created page with "= Details = Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata..."
2015-11-04T22:11:53Z
<p><b>New page</b></p><div>= Details =<br />
Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.<br />
<br />
= Examples =<br />
<br />
* [http://blog.includesecurity.com/2014/06/exploit-walkthrough-cve-2014-0196-pty-kernel-race-condition.html pty race condition]<br />
<br />
= Mitigations =<br />
<br />
* runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)<br />
* guard pages<br />
* metadata validation (e.g. glibc's heap protections)</div>
KeesCook