Heap Overflow
Basic Information
A heap overflow is like a stack overflow but in the heap. Basically it means that some space was reserved in the heap to store some data and stored data was bigger than the space reserved.
In stack overflows we know that some registers like the instruction pointer or the stack frame are going to be restored from the stack and it could be possible to abuse this. In case of heap overflows, there isn't any sensitive information stored by default in the heap chunk that can be overflowed. However, it could be sensitive information or pointers, so the criticality of this vulnerability depends on which data could be overwritten and how an attacker could abuse this.
In order to find overflow offsets you can use the same patters as in stack overflows.
Example ARM64
In the page https://8ksec.io/arm64-reversing-and-exploitation-part-1-arm-instruction-set-simple-heap-overflow/ you can find a heap overflow example where a command that is going to be executed is stored in the following chunk from the overflowed chunk. So, it's possible to modify the executed command by overwriting it with an easy exploit such as:
Last updated