CTF Notes

Heap

Using a double-free, an arbitrary address can be introduced into the free list.

TODO: Learn about tcache poisoning, which is related to this.

Integer Overflows and malloc()

There's a pretty common pattern used to allocate an array of n objects of type T: malloc(sizeof(T) * n)

A very large n can cause an overflow of the size_t passed to malloc(). An attacker who controls n can cause a smaller memory area to be allocated, leading to a buffer overflow when the application tries to use that shiny new buffer.
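The wrap described above, next to a checked allocator that rejects it. This is an added example, not code from the original notes; struct item, request_unchecked() and alloc_array_checked() are hypothetical names, and the element count is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample type T: 24 + 8 = 32 bytes. */
struct item { char name[24]; uint64_t id; };

/* The pattern from the text: the byte count malloc() actually receives.
 * size_t arithmetic is unsigned, so the product silently wraps
 * modulo SIZE_MAX + 1 instead of failing. */
size_t request_unchecked(size_t n, size_t elem_size)
{
    return n * elem_size;
}

/* Hardened form: refuse any n whose byte count does not fit in size_t.
 * calloc(n, elem_size) performs this check itself and returns NULL. */
void *alloc_array_checked(size_t n, size_t elem_size)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return NULL;                 /* n * elem_size would wrap */
    return malloc(n * elem_size);
}

int main(void)
{
    /* Constructed count: just enough elements to wrap the product. */
    size_t n = SIZE_MAX / sizeof(struct item) + 2;

    printf("elements requested:  %zu\n", n);
    printf("bytes malloc() sees: %zu\n",
           request_unchecked(n, sizeof(struct item)));

    void *p = alloc_array_checked(n, sizeof(struct item));
    printf("checked allocation:  %s\n", p ? "succeeded" : "rejected");
    free(p);
    return 0;
}
```

With this n the unchecked request collapses to the size of a single element, so code that later indexes the array with the original n writes far past the allocation.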

Attacks

(glibc 2.29) House of Corrosion


Last updated 3 years ago